HadesSec Active
Ransomware group first observed in 2018. Uses GMER for deployment.

Total Victims: 0
First Seen: 2018-09-01
Last Seen: 2026-03-26
Known TTPs: 17
Avg Delay: 26.4d
Negotiations: 0
ONION URLS
xks2f4xc2zs4ivtaubswigwkqsavos56azvuapvcglvkcik7l6wqf7om.onion
TOOLS
GMER
Ligolo
FILE EXTENSIONS
.doom
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |
| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1039 | Data from Network Shared Drive | Collection |
| T1074.001 | Local Data Staging | Collection |
| T1090 | Proxy | Command and Control |
| T1105 | Ingress Tool Transfer | Command and Control |
| T1219 | Remote Access Software | Command and Control |
| T1055 | Process Injection | Defense Evasion |
| T1140 | Deobfuscate/Decode Files | Defense Evasion |
| T1562.009 | Safe Mode Boot | Defense Evasion |
| T1018 | Remote System Discovery | Discovery |
| T1087 | Account Discovery | Discovery |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1491.001 | Internal Defacement | Impact |
| T1529 | System Shutdown/Reboot | Impact |
| T1078 | Valid Accounts | Initial Access |
| T1133 | External Remote Services | Initial Access |
| T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
| T1134 | Access Token Manipulation | Privilege Escalation |
No YARA rules
No IoCs
No ransom notes