Total Victims: 0
First Seen: 2024-09-01
Last Seen: N/A
Known TTPs: 21
Avg Delay: 16.9d
Negotiations: 0
ONION URLS
nitrogenczslprh3xyw6lh5xyjvmsz7ciljoqxxknd7uymkfetfhgvqd.onion
6lrsxvqscxtznb4fhux5u3vbslbanxjzxzgtokjtfwaitxe4pfgfebad.onion
TOOLS
Malvertising
Cobalt Strike
FILE EXTENSIONS
.nitrogen
Date Victim Name Country Sector Status
No victims recorded
| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1039 | Data from Network Shared Drive | Collection |
| T1560.001 | Archive via Utility | Collection |
| T1090 | Proxy | Command and Control |
| T1573.002 | Asymmetric Cryptography | Command and Control |
| T1003.001 | LSASS Memory | Credential Access |
| T1110.003 | Password Spraying | Credential Access |
| T1555.003 | Credentials from Web Browsers | Credential Access |
| T1027 | Obfuscated Files or Information | Defense Evasion |
| T1049 | System Network Connections Discovery | Discovery |
| T1059.001 | PowerShell | Execution |
| T1204.001 | Malicious Link | Execution |
| T1204.002 | Malicious File | Execution |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1567.002 | Exfiltration to Cloud Storage | Exfiltration |
| T1486 | Data Encrypted for Impact | Impact |
| T1078 | Valid Accounts | Initial Access |
| T1098 | Account Manipulation | Persistence |
| T1136.001 | Local Account | Persistence |
| T1547.001 | Registry Run Keys | Persistence |
| T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
| T1548.002 | Bypass UAC | Privilege Escalation |

No YARA rules


No ransom notes