RA Group (Active)

Uses leaked Babuk source code. Targets primarily US organizations.

Total Victims: 0
First Seen: 2023-04-01
Last Seen: N/A
Known TTPs: 8
Avg Delay: 22.6d
Negotiations: 0
ONION URLS
pa32ymaeu62yo5th5mraikgw5fcvznnsiiwti42carjliarodltmqcqd.onion
hkpomcx622gnqp2qhenv4ceyrhwvld3zwogr4mnkdeudq2txf55keoad.onion
raworldw32b2qxevn3gp63pvibgixr4v75z62etlptg3u3pmajwra4ad.onion
raworlddecssyq43oim3hxhc5oxvlbaxuj73xbz2pbbowso3l4kn27qd.onion
TOOLS
Cobalt Strike
Chisel
Ligolo
ScreenConnect
FILE EXTENSIONS
.encrypted
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |
| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1005 | Data from Local System | Collection |
| T1036.005 | Match Legitimate Name or Location | Defense Evasion |
| T1018 | Remote System Discovery | Discovery |
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1189 | Drive-by Compromise | Initial Access |
| T1021.002 | SMB/Windows Admin Shares | Lateral Movement |
| T1021.004 | SSH | Lateral Movement |
| T1098 | Account Manipulation | Persistence |
No YARA rules
No ransom notes