RuptureBit Active

Ransomware group first observed in 2018. Uses ConnectWise for deployment.
PDF Report Back to Groups
1
Total Victims
2018-03-01
First Seen
2026-03-07
Last Seen
8
Known TTPs
40.7d
Avg Delay
0
Negotiations
ONION URLS
w3ofqp4hloruhjfpiwtrg2bhx2ltdgu6vmzynihiadurnye5ynqwfsqw.onion
TOOLS
ConnectWise Mimikatz Rubeus Certify BloodHound
FILE EXTENSIONS
.encrypted
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
2026-03-07 Peak Financial Canada Media Published
Technique ID Technique Name Tactic
T1219 Remote Access Software Command and Control
T1110.003 Password Spraying Credential Access
T1069 Permission Groups Discovery Discovery
T1083 File and Directory Discovery Discovery
T1204.002 Malicious File Execution
T1531 Account Access Removal Impact
T1189 Drive-by Compromise Initial Access
T1080 Taint Shared Content Lateral Movement

No YARA rules

No IoCs

No ransom notes