Onepercent
OnePercent Group is a cybercriminal operation active since at least November 2020 that targeted US organizations using phishing with IcedID trojans, Cobalt Strike, and double-extortion, threatening a "one percent leak" of data before escalating to a full dump or sale to REvil; the FBI issued a formal flash advisory in August 2021.
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
No | 2026-05-14T01:42:29 |
5mvifa3xq5m7sou3xzaajfz7h6eserp5fnkwotohns5pgbb5oxty3zad.onion
|
Tools Used
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
|
|
|
|
BetterSafetyKatz
Mimikatz
SharpKatz
|
Cobalt Strike
SharpSploit
|
|
|
RClone
|