Thegreenbloodgroup
The Green Blood Group is an emerging ransomware operation first identified in early 2026 whose Go-based Windows payload uses ChaCha8 encryption and aggressively destroys backup and recovery options, targeting organizations in India, Senegal, Egypt, Colombia, and Belgium.
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
Yes | 2026-05-13T18:05:54 |
scbrksw5fgjtujc2ah42roo6bij2unr2tggfcynpbql5a7yp3s22taid.onion
|
YARA Rules (1)
Indicators of Compromise (IoCs) (2)
Email
1
tox
1
| Type | IOC |
|---|---|
Email
|
thegreenblood@onionmail.org
|
tox
|
F97A512AA18917444315510B107AB8B46166CAC4E79DB76B849FFE48A67A4B621AB7CC9A1EFB
|