RuinStorm Defunct

Ransomware group first observed in 2023. Uses SharpHound for deployment.
PDF Report Back to Groups
0
Total Victims
2023-06-01
First Seen
2025-09-05
Last Seen
21
Known TTPs
9.4d
Avg Delay
0
Negotiations
ONION URLS
ol5fgail5qcqslwdv6kyf7t2jbvd32m7xgstkelytdg4kdqwcvz4utqt.onion
TOOLS
SharpHound Rubeus Cloudflare Tunnel IcedID LaZagne
FILE EXTENSIONS
.oops
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded
Technique ID Technique Name Tactic
T1005 Data from Local System Collection
T1090 Proxy Command and Control
T1105 Ingress Tool Transfer Command and Control
T1003.003 NTDS Credential Access
T1110.001 Password Guessing Credential Access
T1552.001 Credentials In Files Credential Access
T1558.003 Kerberoasting Credential Access
T1055 Process Injection Defense Evasion
T1562.004 Disable or Modify System Firewall Defense Evasion
T1049 System Network Connections Discovery Discovery
T1059.003 Windows Command Shell Execution
T1059.005 Visual Basic Execution
T1059.006 Python Execution
T1204.001 Malicious Link Execution
T1041 Exfiltration Over C2 Channel Exfiltration
T1490 Inhibit System Recovery Impact
T1491.001 Internal Defacement Impact
T1529 System Shutdown/Reboot Impact
T1133 External Remote Services Initial Access
T1021.002 SMB/Windows Admin Shares Lateral Movement
T1547.009 Shortcut Modification Persistence

No YARA rules

No IoCs

No ransom notes