Pixel (Active)
Ransomware group first observed in 2019. Uses Meterpreter for deployment.
Total Victims: 0
First Seen: 2019-05-01
Last Seen: 2026-02-14
Known TTPs: 11
Avg Delay: 14.9d
Negotiations: 0
ONION URLS
ndpxtrpx2paxddefrnnsqowlesczwvwcl5dhsj2yu3vmztjxkk6nypcu.onion
TOOLS
Meterpreter
Rubeus
BazarLoader
FileZilla
TrickBot
FILE EXTENSIONS
.encrypted
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |

| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1071.001 | Web Protocols | Command and Control |
| T1562.004 | Disable or Modify System Firewall | Defense Evasion |
| T1562.009 | Safe Mode Boot | Defense Evasion |
| T1069 | Permission Groups Discovery | Discovery |
| T1083 | File and Directory Discovery | Discovery |
| T1135 | Network Share Discovery | Discovery |
| T1053.005 | Scheduled Task | Execution |
| T1204.001 | Malicious Link | Execution |
| T1490 | Inhibit System Recovery | Impact |
| T1566.001 | Spearphishing Attachment | Initial Access |
| T1134 | Access Token Manipulation | Privilege Escalation |
No YARA rules
No IoCs
No ransom notes