Minos Active
Ransomware group first observed in 2021. Uses SharpDPAPI for deployment.
Total Victims: 0
First Seen: 2021-12-01
Last Seen: 2026-03-08
Known TTPs: 21
Avg Delay: 3.9d
Negotiations: 0
ONION URLS
e2o4sv5voq5m3a5bhw2cwfeyvd5pfeq3mnsfslezvgmao2ajo7lifnx7.onion
TOOLS
SharpDPAPI
Ligolo
7-Zip
BloodHound
FILE EXTENSIONS
.help
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |

| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1005 | Data from Local System | Collection |
| T1560.001 | Archive via Utility | Collection |
| T1105 | Ingress Tool Transfer | Command and Control |
| T1219 | Remote Access Software | Command and Control |
| T1572 | Protocol Tunneling | Command and Control |
| T1110.001 | Password Guessing | Credential Access |
| T1555.003 | Credentials from Web Browsers | Credential Access |
| T1027 | Obfuscated Files or Information | Defense Evasion |
| T1059.003 | Windows Command Shell | Execution |
| T1204.001 | Malicious Link | Execution |
| T1567.002 | Exfiltration to Cloud Storage | Exfiltration |
| T1491.001 | Internal Defacement | Impact |
| T1529 | System Shutdown/Reboot | Impact |
| T1531 | Account Access Removal | Impact |
| T1078 | Valid Accounts | Initial Access |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1195.002 | Compromise Software Supply Chain | Initial Access |
| T1566.001 | Spearphishing Attachment | Initial Access |
| T1021.001 | Remote Desktop Protocol | Lateral Movement |
| T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
| T1548.002 | Bypass UAC | Privilege Escalation |
No YARA rules
No IoCs
No ransom notes