Total Victims: 0
First Seen: 2021-08-01
Last Seen: 2025-10-18
Known TTPs: 0
Avg Delay: 38.5d
Negotiations: 0
ONION URLS
5l4chflgfy4ojdydpwd7ogtnfd2udeqytow4di7wefaa6lh5ckmdbrnl.onion
TOOLS
ScreenConnect, Rclone
FILE EXTENSIONS
.dead
Date Victim Name Country Sector Status
No victims recorded

No TTPs data

No YARA rules


No ransom notes