Total Victims: 0
First Seen: 2023-12-01
Last Seen: 2024-10-26
Known TTPs: 0
Avg Delay: 42.0d
Negotiations: 0
ONION URLS
adq7ljmd7x4pmnxf6bkpahtlxo3n7klkqoup2iyhmg3iirlmbh3bimll.onion
TOOLS
Mimikatz, ScreenConnect, MegaSync, PowerTool
FILE EXTENSIONS
.crypt
[Charts not reproduced: Activity Timeline, Top Sectors, Top Countries, Activity Heatmap]
Date Victim Name Country Sector Status
No victims recorded

No TTPs data

No YARA rules

Type Value Description

No ransom notes