Darkside
| RaaS
Darkside ransomware group has started its operation in August of 2020 with the model of RaaS (Ransomware-as-a-Service). They have become known for their operations of large ransoms scale. They have announced that they prefer not to attack hospitals, schools, non-profits, and governments, but rather big organizations that can be able to pay large ransoms. Darkside ransomware group became very famous following the cyberattack of the Colonial Pipeline and Toshiba unit. The FBI finally terminate the Darkside operation and Managed to pull money from their wallets back.
Victims
10
First Discovered
2020-08-01
victim
Last Discovered
2021-05-13
victim
Inactive Since
4yrs
more than
Avg Delay
N/A
attack→claim
Infostealer
N/A
victims with domain
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
None | No | 2025-06-01 21:18:32 | darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion |
Target (Available)
Top 5 Activity Sectors
- Commercial Facilities 3
- Transportation Systems 2
- Food and Agriculture 1
- Energy 1
- Information Technology 1
Top 5 Countries
-
Canada
2
-
Italy
1
-
Brazil
1
-
United States
1
-
United Kingdom
1
Heatmap (Available)
Ransom Notes (1)
Tools Used (Available)
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
|
ADRecon
AdFind
Advanced IP Scanner
SoftPerfect NetScan
|
AnyDesk
GoToAssist
TightVNC
|
|
Mimikatz
SessionGopher
|
Cobalt Strike
CrackMapExec
Impacket
PowerSploit
|
Plink
|
PsExec
|
Bashupload
MEGA
pCloud
RClone
Sendspace
|
Vulnerabilities Exploited (0)
No vulnerabilities exploited available.
TTPs Matrix (0)
No TTPs available.
Negotiation Chats (5)
YARA Rules (1)
Indicators of Compromise (IoCs) (0)
No IoCs available for this group.
Victims (10)
