Shield Active

Ransomware group first observed in 2019. Uses Sliver C2 for deployment.
PDF Report Back to Groups
0
Total Victims
2019-06-01
First Seen
2026-02-20
Last Seen
0
Known TTPs
6.7d
Avg Delay
0
Negotiations
ONION URLS
7km3ftlasadd4lec6iuz4pc5iukmpppweq6tcafllmptxzv5vnb7cpuw.onion
TOOLS
Sliver C2 Rclone SharpHound SystemBC PowerShell Empire
FILE EXTENSIONS
.dead
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded

No TTPs data

No YARA rules

TypeValueDescriptionCopy
md5 8777719ffd4b4cdb8927ce5f6ae452e2 Infrastructure linked to Shield
sha1 8b6d0a1eb7b67a54e08b2923d6f0c1313339f8b2 Dropper hash - Shield campaign
btc bc1qy5e3vp1ukpv5f84wr44cqg5z8lq4ih0xh416bm Bitcoin ransom address observed in Shield attacks
ip 174.237.204.115 C2 server IP - Shield campaign

No ransom notes