Phobos Ransomware: Analysing associated infrastructure used by 8Base [Wednesday, March 06, 2024]


Description :
This report provides an analysis of infrastructure associated with the 8Base ransomware group, which utilizes the Phobos ransomware. The group has been highly active since mid-2023, targeting a broad range of sectors and encrypting files with a .8base extension. The report details 45 domains, 22 IP addresses, and 50 malicious file samples linked to 8Base operations. Most of this infrastructure remains undetected, with low VirusTotal detection rates. There was a spike in submissions to VirusTotal in February 2024, likely following a CISA advisory warning about 8Base. The report concludes that this infrastructure remains active and should be monitored for changes that could enable proactive threat detection.

Published: 2024-03-06 21:11:13
Created: 2024-03-06 21:11:13
Modified: 2024-03-06 21:32:09

Tags

Indicators

IPv4s :
Domains :
Malwares :
  • SystemBC
  • Smokeloader
Intrusion set :
  • 8Base
MITRE ATT&CK Techniques :

External References


About the author
Julien B.

Securitricks
