Fracture Inactive
Ransomware group first observed in 2020. Uses AnyDesk for deployment.

Total Victims: 0
First Seen: 2020-09-01
Last Seen: 2023-09-24
Known TTPs: 17
Avg Delay: 7.3d
Negotiations: 0
ONION URLS
dllfp5vkfarmt4vxxescvvasdu4kfeugu65fldokudu76vv6uyl2yzsm.onion
TOOLS
AnyDesk
QBot
Brute Ratel
FILE EXTENSIONS
.dead
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |

| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1560.001 | Archive via Utility | Collection |
| T1219 | Remote Access Software | Command and Control |
| T1572 | Protocol Tunneling | Command and Control |
| T1036.005 | Match Legitimate Name or Location | Defense Evasion |
| T1070.004 | File Deletion | Defense Evasion |
| T1082 | System Information Discovery | Discovery |
| T1087 | Account Discovery | Discovery |
| T1053.005 | Scheduled Task | Execution |
| T1059.003 | Windows Command Shell | Execution |
| T1204.001 | Malicious Link | Execution |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1490 | Inhibit System Recovery | Impact |
| T1078 | Valid Accounts | Initial Access |
| T1133 | External Remote Services | Initial Access |
| T1021.001 | Remote Desktop Protocol | Lateral Movement |
| T1570 | Lateral Tool Transfer | Lateral Movement |
| T1098 | Account Manipulation | Persistence |
No YARA rules
No ransom notes