Dusk Active
Ransomware group first observed in 2020. Uses PowerShell Empire for deployment.
Total Victims: 0
First Seen: 2020-11-01
Last Seen: 2026-02-28
Known TTPs: 21
Avg Delay: 23.5d
Negotiations: 0
ONION URLS
g6ik67kofdro7jia5or2qa4ts62rig4oldqrjpjndmsnktftqrdnhjmv.onion
TOOLS
PowerShell Empire
BloodHound
TrickBot
TDSSKiller
FILE EXTENSIONS
.doom
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
VICTIMS
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |
KNOWN TTPS
| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1039 | Data from Network Shared Drive | Collection |
| T1071.001 | Web Protocols | Command and Control |
| T1090 | Proxy | Command and Control |
| T1219 | Remote Access Software | Command and Control |
| T1003.003 | NTDS | Credential Access |
| T1110.003 | Password Spraying | Credential Access |
| T1555.003 | Credentials from Web Browsers | Credential Access |
| T1027 | Obfuscated Files or Information | Defense Evasion |
| T1070.004 | File Deletion | Defense Evasion |
| T1562.001 | Disable or Modify Tools | Defense Evasion |
| T1016 | System Network Configuration Discovery | Discovery |
| T1082 | System Information Discovery | Discovery |
| T1485 | Data Destruction | Impact |
| T1489 | Service Stop | Impact |
| T1529 | System Shutdown/Reboot | Impact |
| T1561.001 | Disk Wipe | Impact |
| T1021.001 | Remote Desktop Protocol | Lateral Movement |
| T1021.002 | SMB/Windows Admin Shares | Lateral Movement |
| T1021.004 | SSH | Lateral Movement |
| T1570 | Lateral Tool Transfer | Lateral Movement |
| T1547.009 | Shortcut Modification | Persistence |
No YARA rules
No IoCs
No ransom notes