WraithGroup Active

Ransomware group first observed in 2020. Uses AnyDesk for deployment.
PDF Report Back to Groups
0
Total Victims
2020-06-01
First Seen
2026-03-05
Last Seen
0
Known TTPs
5.6d
Avg Delay
0
Negotiations
ONION URLS
prxl2zcegeqntzwnawjufmvukch4r6o2awuu7o3rpiic6thdfg2n57qm.onion
TOOLS
AnyDesk Brute Ratel LaZagne ScreenConnect
FILE EXTENSIONS
.dark
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded

No TTPs data

No YARA rules

TypeValueDescriptionCopy
ip 62.225.166.207 C2 server IP observed in WraithGroup attacks
ip 177.175.251.105 C2 server IP - WraithGroup campaign
email info994@cock.li Contact email - WraithGroup campaign
btc bc1qnq54s8sl3swvte1dyffnxj6760tbmf6p9ghuzs Infrastructure linked to WraithGroup
tox 33FA4A7805DAF798C48CAE3DF6CCAFF1BBAB5E64E7DE0F3EEEC073FACADDBF43EBD9B7DBA6B9 Associated with WraithGroup ransomware
ip 181.83.2.89 C2 server IP - WraithGroup campaign

No ransom notes