Payloadbin
PayloadBIN is a ransomware strain deployed in 2021 by Evil Corp as a rebranding of their WastedLocker/Hades/Phoenix lineage, specifically designed to evade US Treasury OFAC sanctions by impersonating the unrelated Babuk gang's rebrand rather than operating as an independent group.
Victims
29
First Discovered
2021-09-09
victim
Last Discovered
2022-01-06
victim
Inactive Since
4yrs
more than
Avg Delay
N/A
attack→claim
Infostealer
0.0%
victims with domain
Countries
5
hit
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
Payload.bin | No | 2026-04-28T07:25:41 |
vbmisqjshn4yblehk2vbnil53tlqklxsdaztgphcilto3vdj4geao5qd.onion
|
Target
Top 5 Activity Sectors
- Business Services 5
- Technology 5
- Healthcare 3
- Consumer Services 2
- Transportation/Logistics 2
Top 5 Countries
-
Australia
2
-
Switzerland
1
-
United States
1
-
Japan
1
-
Viet Nam
1
Heatmap
YARA Rules (1)
Victims (29)
