FragmentDark Inactive

Ransomware group first observed in 2016. Uses ADFind for deployment.
PDF Report Back to Groups
0
Total Victims
2016-06-01
First Seen
2017-02-13
Last Seen
21
Known TTPs
33.0d
Avg Delay
0
Negotiations
ONION URLS
xxvpadafk44fsx7x5g34koua6e56pke2257kwxqumasj5z5cdm2vpmmv.onion
TOOLS
ADFind Atera
FILE EXTENSIONS
.gone
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded
Technique ID Technique Name Tactic
T1074.001 Local Data Staging Collection
T1071.001 Web Protocols Command and Control
T1105 Ingress Tool Transfer Command and Control
T1572 Protocol Tunneling Command and Control
T1003.003 NTDS Credential Access
T1110.001 Password Guessing Credential Access
T1027 Obfuscated Files or Information Defense Evasion
T1070.004 File Deletion Defense Evasion
T1069 Permission Groups Discovery Discovery
T1135 Network Share Discovery Discovery
T1053.005 Scheduled Task Execution
T1204.001 Malicious Link Execution
T1486 Data Encrypted for Impact Impact
T1490 Inhibit System Recovery Impact
T1531 Account Access Removal Impact
T1078 Valid Accounts Initial Access
T1189 Drive-by Compromise Initial Access
T1566.002 Spearphishing Link Initial Access
T1136.001 Local Account Persistence
T1543.003 Windows Service Persistence
T1547.001 Registry Run Keys Persistence

No YARA rules

No IoCs

No ransom notes