Total Victims: 0
First Seen: 2018-07-01
Last Seen: 2019-11-15
Known TTPs: 0
Avg Delay: 32.4d
Negotiations: 0
ONION URLS
kgshy67eoa6oll66xfdpsf4xcsswf74oqpx4slpbdjqhhjdyejgxz3j2.onion
TOOLS
ADFind, GMER, 7-Zip, Sliver C2
FILE EXTENSIONS
.crypt
Date Victim Name Country Sector Status
No victims recorded

No TTPs data

No YARA rules

Type Value Description
tox 5AB6AC298BB2EC6C6BCA2B970DBCFFC2A9F2E4ACC837F0D698BF968AEB2CE16739BA99E28F5C Tox messenger ID observed in NoctisDark attacks
sha256 7e65d94f9dd2ac3bb2fb473ef164645a56aaec4c68b43285b9c7049d4ead0618 Associated with NoctisDark ransomware
sha1 eaa001876441cceed4fcb503725f5c6bdc9d3cf1 Infrastructure linked to NoctisDark
btc bc1qjhcehlvi774mf67kgrqyy7tlq4kx6r91k59zyt Associated with NoctisDark ransomware
ip 167.55.147.66 C2 server IP observed in NoctisDark attacks
md5 617bb4a36b273746ef68f4f2a31f2977 Infrastructure linked to NoctisDark
sha1 63937d57a568091aa213e11cf335063751b51fb8 Infrastructure linked to NoctisDark
sha1 41939f6148869c9df0c92ef3b019084a835f919f Dropper hash - NoctisDark campaign
md5 29767e4e3bafd595d041b94ab30b60ec Malware sample hash - NoctisDark campaign
md5 4e3a35cd6cb48206673624584b79ab4e Infrastructure linked to NoctisDark
email recover789@keemail.me Associated with NoctisDark ransomware

No ransom notes