payloadbin

1 incident, 1 country, 0 sectors; ransomware; RU; Latest: 2026-06-25
PayloadBIN is a ransomware group that emerged in June 2021, primarily operating as a rebranding effort by the established cybercrime group Evil Corp. This strategic shift was undertaken to circumvent US sanctions previously imposed on Evil Corp, which is also known by the aliases Indrik Spider and the Dridex gang. PayloadBIN achieved this by impersonating the Babuk ransomware group, whose data leak site had undergone a redesign around the same period. The group's core motivation is financial gain through cyber extortion, employing double extortion tactics. Their distinctiveness lies in this calculated impersonation strategy, which allowed Evil Corp to continue its ransomware operations, previously conducted under names such as WastedLocker, Hades, and Phoenix, while attempting to evade detection and sanctions.
Associated malware
Donut, Dridex, Mimikatz, WastedLocker
MITRE techniques
T1036.005, T1105, T1562, T1585, T1552, T1059.007

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Victims: 0
Unique TTPs: 0
Historical stolen data: N/A
Ransoms claimed: N/A
Payments detected: N/A

Affected countries

United States (1)

Target countries (SOCRadar)

United Arab Emirates, Argentina, Australia, Brazil, Canada, Switzerland, Chile, China, Colombia, Germany

Target sectors (SOCRadar)

Construction of Buildings, Software Publishers, Real Estate, Hospitals, Enterprises & Holding, Accommodation, Air Transportation, Manufacturing, Construction, Public Administration

New URLs detected in IntelTracker

ransomware.anggipradana.com