Harbinger Defunct

Ransomware group first observed in 2022. Uses Ligolo for deployment.
PDF Report Back to Groups
0
Total Victims
2022-10-01
First Seen
2024-02-24
Last Seen
13
Known TTPs
16.8d
Avg Delay
0
Negotiations
ONION URLS
ptnecse5ngfb6mnnltqv2ocf47cvl34ppiduvvhemn3ej3yrkrq7aamg.onion
TOOLS
Ligolo IcedID GMER
FILE EXTENSIONS
.rip
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded
Technique ID Technique Name Tactic
T1074.001 Local Data Staging Collection
T1090 Proxy Command and Control
T1572 Protocol Tunneling Command and Control
T1055 Process Injection Defense Evasion
T1140 Deobfuscate/Decode Files Defense Evasion
T1562.009 Safe Mode Boot Defense Evasion
T1069 Permission Groups Discovery Discovery
T1059.003 Windows Command Shell Execution
T1489 Service Stop Impact
T1561.001 Disk Wipe Impact
T1021.004 SSH Lateral Movement
T1547.001 Registry Run Keys Persistence
T1547.009 Shortcut Modification Persistence

No YARA rules

No IoCs

No ransom notes