Darkside
Darkside ransomware group has started its operation in August of 2020 with the model of RaaS (Ransomware-as-a-Service). They have become known for their operations of large ransoms scale. They have announced that they prefer not to attack hospitals, schools, non-profits, and governments, but rather big organizations that can be able to pay large ransoms. Darkside ransomware group became very famous following the cyberattack of the Colonial Pipeline and Toshiba unit. The FBI finally terminate the Darkside operation and Managed to pull money from their wallets back.
External information
Victims
10
First Discovered
victim2020-08-01
Last Discovered
victim2021-05-13
Avg Delay
between attack and claimN/A
Infostealer
for victim with domainN/A
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | FQDN | |
|---|---|---|---|---|---|---|
|
None | No | 2025-06-01 21:18:32 | darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion |
Target (Available)
Top 5 Activity Sectors
- Commercial Facilities 3
- Transportation Systems 2
- Food and Agriculture 1
- Energy 1
- Information Technology 1
Top 5 Countries
-
Canada
2
-
Italy
1
-
Brazil
1
-
United States
1
-
United Kingdom
1
Heatmap (Available)
Ransom Notes (1)
Tools Used (Available)
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
|
ADRecon
AdFind
Advanced IP Scanner
SoftPerfect NetScan
|
AnyDesk
GoToAssist
TightVNC
|
|
Mimikatz
SessionGopher
|
Cobalt Strike
CrackMapExec
Impacket
PowerSploit
|
Plink
|
PsExec
|
Bashupload
MEGA
pCloud
RClone
Sendspace
|
Vulnerabilities Exploited (0)
No vulnerabilities exploited available.
TTPs Matrix (0)
No TTPs available.
Negotiation Chats (5)
YARA Rules (1)
Indicators of Compromise (IoCs) (0)
No IoCs available for this group.
