Horde Defunct
Ransomware group first observed in 2016. Uses ngrok for deployment.
Total Victims: 0
First Seen: 2016-09-01
Last Seen: 2019-12-21
Known TTPs: 11
Avg Delay: 29.2d
Negotiations: 0
ONION URLS
mvk6zxni5tp3cyzvqm63ulbuwcqxfulbepabrzb3vpf4tgpxw7rb2a54.onion
TOOLS
ngrok
Rclone
SystemBC
IcedID
FileZilla
FILE EXTENSIONS
.ransom
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |

| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1005 | Data from Local System | Collection |
| T1219 | Remote Access Software | Command and Control |
| T1573.002 | Asymmetric Cryptography | Command and Control |
| T1558.003 | Kerberoasting | Credential Access |
| T1218.011 | Rundll32 | Defense Evasion |
| T1562.004 | Disable or Modify System Firewall | Defense Evasion |
| T1083 | File and Directory Discovery | Discovery |
| T1059.003 | Windows Command Shell | Execution |
| T1489 | Service Stop | Impact |
| T1566.001 | Spearphishing Attachment | Initial Access |
| T1548.002 | Bypass UAC | Privilege Escalation |
No YARA rules
No IoCs
No ransom notes