Fortress Defunct

Ransomware group first observed in 2021. Uses Rclone for deployment.
PDF Report Back to Groups
0
Total Victims
2021-06-01
First Seen
2022-12-07
Last Seen
21
Known TTPs
20.7d
Avg Delay
0
Negotiations
ONION URLS
zm5cm3ld7z2pcgb746mcjatxargudalqg2tiyzvmwgdvc4iuvmpblirs.onion
TOOLS
Rclone LaZagne net.exe ngrok Meterpreter
FILE EXTENSIONS
.pay
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded
Technique ID Technique Name Tactic
T1005 Data from Local System Collection
T1074.001 Local Data Staging Collection
T1560.001 Archive via Utility Collection
T1071.001 Web Protocols Command and Control
T1090 Proxy Command and Control
T1110.001 Password Guessing Credential Access
T1110.003 Password Spraying Credential Access
T1555.003 Credentials from Web Browsers Credential Access
T1027 Obfuscated Files or Information Defense Evasion
T1049 System Network Connections Discovery Discovery
T1087 Account Discovery Discovery
T1047 Windows Management Instrumentation Execution
T1529 System Shutdown/Reboot Impact
T1190 Exploit Public-Facing Application Initial Access
T1566.001 Spearphishing Attachment Initial Access
T1021.001 Remote Desktop Protocol Lateral Movement
T1080 Taint Shared Content Lateral Movement
T1098 Account Manipulation Persistence
T1547.001 Registry Run Keys Persistence
T1547.009 Shortcut Modification Persistence
T1068 Exploitation for Privilege Escalation Privilege Escalation

No YARA rules

No IoCs

No ransom notes