LynxLeak
Status: Active
Ransomware group first observed in 2025. Uses AnyDesk for deployment.
Total Victims: 0
First Seen: 2025-05-01
Last Seen: 2026-02-21
Known TTPs: 24
Avg Delay: 32.3d
Negotiations: 0
ONION URLS
g4ufxhhufpun6ifi3nvte42lb4gdhzxxwc3bupt2m5nxxqs2467gfd3j.onion
TOOLS
AnyDesk
TeamViewer
IcedID
TrickBot
FILE EXTENSIONS
.crypt
[Charts: Activity Timeline, Top Sectors, Top Countries, Activity Heatmap]
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |

| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1560.001 | Archive via Utility | Collection |
| T1071.001 | Web Protocols | Command and Control |
| T1105 | Ingress Tool Transfer | Command and Control |
| T1219 | Remote Access Software | Command and Control |
| T1110.001 | Password Guessing | Credential Access |
| T1055 | Process Injection | Defense Evasion |
| T1070.004 | File Deletion | Defense Evasion |
| T1562.004 | Disable or Modify System Firewall | Defense Evasion |
| T1016 | System Network Configuration Discovery | Discovery |
| T1087 | Account Discovery | Discovery |
| T1135 | Network Share Discovery | Discovery |
| T1047 | Windows Management Instrumentation | Execution |
| T1204.001 | Malicious Link | Execution |
| T1485 | Data Destruction | Impact |
| T1490 | Inhibit System Recovery | Impact |
| T1491.001 | Internal Defacement | Impact |
| T1531 | Account Access Removal | Impact |
| T1561.001 | Disk Wipe | Impact |
| T1189 | Drive-by Compromise | Initial Access |
| T1566.001 | Spearphishing Attachment | Initial Access |
| T1021.002 | SMB/Windows Admin Shares | Lateral Movement |
| T1570 | Lateral Tool Transfer | Lateral Movement |
| T1098 | Account Manipulation | Persistence |
| T1547.009 | Shortcut Modification | Persistence |
No YARA rules
No IoCs
No ransom notes