Total Victims: 0
First Seen: 2018-07-01
Last Seen: 2022-09-28
Known TTPs: 0
Avg Delay: 5.4d
Negotiations: 0
ONION URLS
35lj2inmf7awxppsmbdviekqpi6z5b3k2nedcwsackd5gt7rdqcgcaqk.onion
TOOLS
Mimikatz, ngrok, IcedID
FILE EXTENSIONS
.gone
Date | Victim Name | Country | Sector | Status
No victims recorded

No TTPs data

No YARA rules

Type | Value | Description
ip | 52.149.195.78 | C2 server IP - Ruby campaign
sha256 | 2b4ecaa3527a759dfcacb3c023c062c082c61ab3f1607baab0ddde34a4d5b07d | Infrastructure linked to Ruby
md5 | 3b0b07ddcdb57364e87249765f785a90 | Malware sample hash observed in Ruby attacks
md5 | c8e797b8cc7bd90377f73e1838e414e1 | Malware sample hash observed in Ruby attacks

No ransom notes