Uptime Hamster: 0d 0h 0mDeploy: 5 Jul 2026 10:25Updated: 2026-07-10
Logo del actor de amenaza DragonForce

DragonForce

1 incidentes 1 paises 1 sectores ransomware MY Ultimo: 2026-06-18
Aliases: Water Tambanakua
Ver en IntelTracker → APTTrail →
DragonForce is a financially motivated ransomware-as-a-service (RaaS) group that emerged in August 2023, pivoting from an earlier pro-Palestinian hacktivist collective known as DragonForce Malaysia, which dates back to 2021. The group rapidly evolved its operational model, launching an affiliate program in June 2024 and rebranding as a "ransomware cartel" in 2025. This group is distinguished by its hybrid motivation, blending geopolitical hacktivism with significant financial extortion, and its sophisticated affiliate ecosystem that utilizes customized ransomware variants derived from leaked LockBit 3.0 and Conti V3 codebases. DragonForce stands out for its advanced defense evasion techniques, such as the use of "Bring Your Own Vulnerable Driver" (BYOVD) attacks, and novel methods like weaponizing Microsoft Teams relays for command and control. The group has been observed collaborating with other threat actors, notably Scattered Spider, who may act as initial access brokers for DragonF

Aliases del actor

Water Tambanakua

Actores similares

Aoqin Dragonapt · 1Night Dragonapt · 1night-dragonactor · 1aoqin-dragonactor · 1sharp-dragon--chkptactor · 1Amaranth-Dragonapt · 0Camaro Dragonapt · 0Moshen Dragonapt · 0Operation Dragon Castlingapt · 0blackwaterransomware · 11

Canales, DLS e infraestructura asociada

Clasificacion automatica desde IntelTracker/APTTrail/OSINT. Estado real solo si viene indicado por la fuente.

TipoEstadoHost / enlaceTitle / ultimo titulo
Repositoriounknowngithub.comDragonForce
DLS / leak siteunknownraw.githubusercontent.comDragonForce
DLS / leak siteunknownnews.sophos.comDragonForce
DLS / leak siteunknownwww.trendmicro.comBushidoUK ToolMatrix GroupProfiles: DragonForce
DLS / leak siteunknownccb.belgium.beDragonForce
Repositoriounknowngithub.comBushidoUK ToolMatrix GroupProfiles: DragonForce
Repositorioupgithub.comBushidoUK ToolMatrix CommunityReports: CR-023-DRAGONFORCE-AUG-2024
DLS / leak siteunknownwww.group-ib.comBushidoUK ToolMatrix GroupProfiles: DragonForce
Repositorioupgithub.comBushidoUK ToolMatrix CommunityReports: CR-021-DRAGONFORCE-APR-2025
DLS / onionupz3wqngtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onionBushidoUK ToolMatrix CommunityReports: CR-021-DRAGONFORCE-APR-2025
DLS / onionup3pktcrcbmssvrnwe5skburdwe2h3v6lbdnn5kbjqihsg6eu6s6b7ryqd.onionBushidoUK ToolMatrix CommunityReports: CR-021-DRAGONFORCE-APR-2025
DLS / leak siteupwww.bleepingcomputer.comBushidoUK ToolMatrix CommunityReports: CR-021-DRAGONFORCE-APR-2025
DLS / leak siteupzensec.co.ukBushidoUK ToolMatrix CommunityReports: CR-021-DRAGONFORCE-APR-2025
Repositorioupgithub.comBushidoUK ToolMatrix CommunityReports: CR-021-DRAGONFORCE-APR-2025
DLS / leak siteupwww.huntress.comBushidoUK ToolMatrix CommunityReports: CR-021-DRAGONFORCE-APR-2025
Repositorioupgithub.comBushidoUK ToolMatrix CommunityReports: CR-022-DRAGONFORCE-FEB-2026
DLS / leak siteupwww.softperfect.comBushidoUK ToolMatrix CommunityReports: CR-022-DRAGONFORCE-FEB-2026
Repositorioupgithub.comBushidoUK ToolMatrix CommunityReports: CR-023-DRAGONFORCE-AUG-2024
DLS / leak siteup86[.]106.20.194BushidoUK ToolMatrix CommunityReports: CR-023-DRAGONFORCE-AUG-2024
Repositorioupgithub.comBushidoUK ToolMatrix CommunityReports: CR-023-DRAGONFORCE-AUG-2024
DLS / leak siteupwww.pingcastle.comBushidoUK ToolMatrix CommunityReports: CR-023-DRAGONFORCE-AUG-2024
DLS / leak siteunknowntemp.shAdvanced Medical Consultants
DLS / leak siteunknownransomware.anggipradana.comRansomware Group: dragonforce
DLS / onionunknown3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd.onionstni.co.kr
Tecnicas MITRE
T1071.001, T1499, T1569.002
CVEs relacionadas
CVE-2025-6264, CVE-2025-59287, CVE-2025-47176, CVE-2025-47171, CVE-2024-57728, CVE-2024-57727
Victimas
0
TTPs unicas
0
Info robada historica
N/D
Rescates reclamados
N/D
Pagos detectados
N/D

Paises afectados

United Kingdom (1)

Paises objetivo (SOCRadar)

United Arab EmiratesAlbaniaArgentinaAustriaAustraliaBangladeshBelgiumBulgariaBahrainBrazil

Sectores atacados

Media (1)

Sectores objetivo (SOCRadar)

Construction of BuildingsFood ManufacturingOther Information ServicesMonetary Authorities-Central BankRail TransportationSoftware PublishersReal EstateHospitalsTransportation Equipment ManufacturingEnterprises & Holding

URLs nuevas detectadas en IntelTracker

github.com raw.githubusercontent.com ransomware.anggipradana.com 3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd.onion dragonforxxbp3awc7mzs5dkswrua3znqyx5roefmi4smjrsdi22xwqd.onion z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion