Rhadamanthus Active

Ransomware group first observed in 2018. Uses 7-Zip for deployment.
PDF Report Back to Groups
0
Total Victims
2018-04-01
First Seen
2026-01-17
Last Seen
0
Known TTPs
17.4d
Avg Delay
0
Negotiations
ONION URLS
27azhoeewglz5x56fbouskrchxkgc7rdrvgdw2h4xmb3orox4jbwcqk4.onion
TOOLS
7-Zip Ligolo MegaSync QBot Brute Ratel
FILE EXTENSIONS
.doom
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded

No TTPs data

No YARA rules

TypeValueDescriptionCopy
sha1 df47dab1a4ac6ee89d9e5d24bf6494b98ba62d8f Dropper hash - Rhadamanthus campaign
ip 142.189.17.93 Associated with Rhadamanthus ransomware
sha256 3e514fc804f2334e71d6a70440c0928004ae21b26ed13dfe4357eacc11f52f85 Associated with Rhadamanthus ransomware
ip 184.150.210.233 Associated with Rhadamanthus ransomware
ip 140.147.170.197 Associated with Rhadamanthus ransomware

No ransom notes