PenumbraBreach Inactive

Ransomware group first observed in 2024. Uses Brute Ratel for deployment.
PDF Report Back to Groups
0
Total Victims
2024-02-01
First Seen
2025-06-23
Last Seen
5
Known TTPs
32.6d
Avg Delay
0
Negotiations
ONION URLS
qfwxlafkc7hqbsgkdxsi5r3x3kb7cm2kaoaan2xqudok263rkk4uylcv.onion
TOOLS
Brute Ratel FileZilla
FILE EXTENSIONS
.ransom
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded
Technique ID Technique Name Tactic
T1560.001 Archive via Utility Collection
T1041 Exfiltration Over C2 Channel Exfiltration
T1021.004 SSH Lateral Movement
T1098 Account Manipulation Persistence
T1543.003 Windows Service Persistence

No YARA rules

No IoCs

No ransom notes