Order Active

Ransomware group first observed in 2020. Uses TDSSKiller for deployment.
PDF Report Back to Groups
3
Total Victims
2020-08-01
First Seen
2026-03-06
Last Seen
0
Known TTPs
13.7d
Avg Delay
0
Negotiations
ONION URLS
gatmcejtvguvsqk6ayyahz2pftytslwhqdhqo7eajhmsxmswiqm7oikm.onion
TOOLS
TDSSKiller IcedID 7-Zip Mythic
FILE EXTENSIONS
.locked
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
2026-03-06 Central Financial India Insurance Published
2026-03-06 Royal Solutions Mexico Energy Removed
2026-03-06 Eagle Labs Italy Legal Negotiating

No TTPs data

No YARA rules

No IoCs

No ransom notes