{
  "name": "Inside the Dragon: DragonForce Ransomware Group",
  "slug": "inside-the-dragon-dragonforce-ransomware-group",
  "description": "In this blog, Group-IB delves into the inner workings of the DragonForce ransomware group. Discovered in August 2023, DragonForce has been targeting companies in critical sectors using a variant of a leaked LockBit3.0 builder, and more recently, in July 2024, with their own variant of ransomware. DragonForce operates a Ransomware-as-a-Service (RaaS) affiliate program with two ransomware variants: one is a variant of LockBit3.0, and the other, though initially claimed as original, is based on ContiV3. The group employs double extortion tactics, encrypting data and threatening leaks unless a ransom is paid.",
  "published": "2024-09-27T11:43:53+00:00",
  "created_at": "2024-09-27T11:43:53+00:00",
  "modified_at": "2024-09-27T12:11:40+00:00",
  "created_at_opencti": "2024-09-27T11:43:53+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-09-27",
    "dragonforce",
    "lockbit3.0"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "185.59.221.75"
      },
      {
        "id": "",
        "name": "69.4.234.20"
      },
      {
        "id": "",
        "name": "2.147.68.96"
      },
      {
        "id": "",
        "name": "94.232.46.202"
      },
      {
        "id": "",
        "name": "185.73.125.8"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:146df6acefcef13a",
        "name": "Conti",
        "slug": "conti"
      },
      {
        "id": "legacy:malware:c41ccc9bf868641a",
        "name": "Lockbit",
        "slug": "lockbit"
      }
    ],
    "intrusion_sets": [
      {
        "id": "a63d97b5-8199-4473-a37a-2ef8956ad332",
        "name": "DragonForce",
        "slug": "dragonforce"
      }
    ],
    "attack_patterns": [
      {
        "id": "985513c3-6e7b-441f-87f7-7923e1758e9c",
        "name": "T1078.002"
      },
      {
        "id": "b15c00da-c412-4429-900c-659de612baf5",
        "name": "T1543.003"
      },
      {
        "id": "32b33067-6566-4b8d-be80-e96f765d84de",
        "name": "T1059.001"
      },
      {
        "id": "5999052b-e9ae-49e8-9235-d9bf975c22af",
        "name": "T1547.001"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Healthcare"
      },
      {
        "id": "",
        "name": "Transportation"
      },
      {
        "id": "",
        "name": "Manufacturing"
      }
    ]
  },
  "external_refs": [
    "https://www.group-ib.com/blog/dragonforce-ransomware/",
    "https://otx.alienvault.com/pulse/66f6b69a252c15406f138d12"
  ]
}