FateRage Active

Ransomware group first observed in 2018. Uses ngrok for deployment.
PDF Report Back to Groups
1
Total Victims
2018-07-01
First Seen
2026-03-07
Last Seen
20
Known TTPs
40.8d
Avg Delay
0
Negotiations
ONION URLS
5vxighsarcsf6dexnpmrslou7ue6fmfyp5rkl45pm46qfapdhsfenu3j.onion
TOOLS
ngrok FileZilla Rubeus SharpDPAPI IcedID
FILE EXTENSIONS
.dark
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
2026-03-07 Phoenix Logistics United States Energy Published
Technique ID Technique Name Tactic
T1039 Data from Network Shared Drive Collection
T1219 Remote Access Software Command and Control
T1573.002 Asymmetric Cryptography Command and Control
T1562.001 Disable or Modify Tools Defense Evasion
T1562.004 Disable or Modify System Firewall Defense Evasion
T1562.009 Safe Mode Boot Defense Evasion
T1049 System Network Connections Discovery Discovery
T1082 System Information Discovery Discovery
T1083 File and Directory Discovery Discovery
T1053.005 Scheduled Task Execution
T1204.002 Malicious File Execution
T1486 Data Encrypted for Impact Impact
T1491.001 Internal Defacement Impact
T1561.001 Disk Wipe Impact
T1078 Valid Accounts Initial Access
T1189 Drive-by Compromise Initial Access
T1195.002 Compromise Software Supply Chain Initial Access
T1566.001 Spearphishing Attachment Initial Access
T1547.001 Registry Run Keys Persistence
T1068 Exploitation for Privilege Escalation Privilege Escalation

No YARA rules

No IoCs

No ransom notes