TombDark Active

Ransomware group first observed in 2018. Uses TeamViewer for deployment.
PDF Report Back to Groups
0
Total Victims
2018-10-01
First Seen
2026-01-09
Last Seen
17
Known TTPs
39.4d
Avg Delay
0
Negotiations
ONION URLS
wflud6shfhsvptgqwzom7ehevpvofdzhydoh3vm447kcn7jjws5evjbw.onion
TOOLS
TeamViewer Chisel
FILE EXTENSIONS
.pwned
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded
Technique ID Technique Name Tactic
T1071.001 Web Protocols Command and Control
T1110.001 Password Guessing Credential Access
T1110.003 Password Spraying Credential Access
T1140 Deobfuscate/Decode Files Defense Evasion
T1562.001 Disable or Modify Tools Defense Evasion
T1087 Account Discovery Discovery
T1135 Network Share Discovery Discovery
T1047 Windows Management Instrumentation Execution
T1059.001 PowerShell Execution
T1204.002 Malicious File Execution
T1485 Data Destruction Impact
T1491.001 Internal Defacement Impact
T1529 System Shutdown/Reboot Impact
T1561.001 Disk Wipe Impact
T1078 Valid Accounts Initial Access
T1195.002 Compromise Software Supply Chain Initial Access
T1021.001 Remote Desktop Protocol Lateral Movement

No YARA rules

No IoCs

No ransom notes