apt73
Ransomware group profile
Description
Eraleign is a high-profile ransomware group that runs advanced intrusions against large organizations for maximum financial gain. Known for strong encryption and double extortion, the group uses custom-built malware to infiltrate networks and has shifted its focus toward critical infrastructure and supply chain attacks.
Key insights
- Utilizes rapid encryption methods and multi-stage infection chains.
- Targets multiple sectors, especially critical infrastructure and healthcare.
- Employs double extortion tactics by threatening to leak stolen data.
- Gains initial access via phishing campaigns and known vulnerabilities.
- Demonstrates a trend towards leveraging REvil's toolkit and tactics.
Threat Level & Status Breakdown (chart for apt73, based on incidents in the selected period; data not reproduced here)
Recent activity (chart: monthly attack count for apt73 in the selected period; data not reproduced here)
Intelligence
IOCs, YARA/Sigma rules, and related families for apt73
- ns2.eraleignews.com
- basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion
- ns3.eraleignews.com
- basheqtvzqwz4vp6ks5lm2ocq7i6tozqgf6vjcasj4ezmsy4bkpshhyd.onion
- fleqwmg7xnanypt5km2m75l72q7nlcvlp2m4sdmgjxorsn6tb3zyp3qd.onion
- qcgv5tfer4f46ns6ohh72zeyyh5uavoiybypzpt3lmwk5ecyqykptgqd.onion
- eraleignews.com
- bashe4aec32kr6zbifwd5x6xgjsmhg4tbowrbx4pneqhc5mqooyifpid.onion
- wn6vonooq6fggjdgyocp7bioykmfjket7sbp47cwhgubvowwd7ws5pyd.onion
- ns4.eraleignews.com
- ns1.eraleignews.com
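The indicators above are only useful once they are checked against telemetry. The following is an added example, not code from the profile or from any vendor tool: it loads the listed domains and .onion addresses, normalizes DNS query names (case, trailing dot), matches on whole labels so that a subdomain of eraleignews.com hits but a look-alike such as noteraleignews.com does not, and runs over a handful of constructed log lines in a hypothetical "timestamp client qname" format. The log format and the sample lines are assumptions for the demonstration.

```python
"""Match DNS query names against the apt73 / Eraleign indicators listed in the profile.

Added example. The IOC set is copied from the Intelligence section; the log
format and the sample lines are constructed for this demonstration.
"""
import re

# Indicators as listed on the profile page.
IOCS = {
    "eraleignews.com",
    "ns1.eraleignews.com",
    "ns2.eraleignews.com",
    "ns3.eraleignews.com",
    "ns4.eraleignews.com",
    "basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion",
    "basheqtvzqwz4vp6ks5lm2ocq7i6tozqgf6vjcasj4ezmsy4bkpshhyd.onion",
    "fleqwmg7xnanypt5km2m75l72q7nlcvlp2m4sdmgjxorsn6tb3zyp3qd.onion",
    "qcgv5tfer4f46ns6ohh72zeyyh5uavoiybypzpt3lmwk5ecyqykptgqd.onion",
    "bashe4aec32kr6zbifwd5x6xgjsmhg4tbowrbx4pneqhc5mqooyifpid.onion",
    "wn6vonooq6fggjdgyocp7bioykmfjket7sbp47cwhgubvowwd7ws5pyd.onion",
}


def normalize(name: str) -> str:
    """Lower-case a query name and drop a trailing root dot (FQDN form)."""
    return name.strip().rstrip(".").lower()


def matching_ioc(qname: str):
    """Return the indicator that qname matches, or None.

    A query matches when it equals an indicator or is a subdomain of one
    (mail.eraleignews.com hits eraleignews.com). Labels are compared whole,
    so noteraleignews.com does not match. When several indicators match,
    the most specific (longest) one is returned.
    """
    q = normalize(qname)
    if q in IOCS:
        return q
    best = None
    for ioc in IOCS:
        if q.endswith("." + ioc) and (best is None or len(ioc) > len(best)):
            best = ioc
    return best


# Hypothetical resolver log line: "<timestamp> <client ip> <query name>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")


def scan(lines):
    """Return (timestamp, client, qname, matched_ioc) for every matching line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:  # skip malformed lines rather than failing the whole run
            continue
        ioc = matching_ioc(m.group("qname"))
        if ioc:
            hits.append((m.group("ts"), m.group("client"), m.group("qname"), ioc))
    return hits


# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z 10.0.0.5 www.example.com",
    "2024-05-01T10:00:01Z 10.0.0.7 mail.eraleignews.com",
    "2024-05-01T10:00:02Z 10.0.0.9 noteraleignews.com",
    "2024-05-01T10:00:03Z 10.0.0.9 NS2.eraleignews.com.",
    "2024-05-01T10:00:04Z 10.0.0.12 basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion",
    "this line is malformed",
]

if __name__ == "__main__":
    for ts, client, qname, ioc in scan(SAMPLE_LOG):
        print(f"{ts} {client} queried {qname} (matches {ioc})")
```

Two practical notes. Matching on whole labels matters because substring matching on a list like this produces false positives on unrelated names that merely contain an indicator. And .onion names are a special-use TLD that a Tor client is supposed to resolve internally; a .onion query reaching a corporate resolver at all means something on that host is leaking Tor lookups into ordinary DNS, which is worth an alert regardless of which indicator it matches.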
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for apt73
- T1486 Data Encrypted for Impact
- T1490 Inhibit System Recovery
- T1562 Impair Defenses
- T1040 Network Sniffing
- T1071 Application Layer Protocol
- T1078 Valid Accounts
- T1059 Command and Scripting Interpreter
- T1021 Remote Services
- T1021.001 Remote Desktop Protocol
- T1547 Boot or Logon Autostart Execution
Victims(144)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| smarty.arpinet.am | smarty.arpinet.am | AM Armenia | Technology | Claimed | 16 days ago |
| elections.mia.gov.am from WOLVES OF TURAN | — | AM Armenia | Government & Defense | Claimed | 17 days ago |
| tkgm.gov.tr | tkgm.gov.tr | TR Turkey | Government & Defense | Claimed | 28 days ago |
| minsa.com.mx | minsa.com.mx | MX Mexico | Manufacturing | Claimed | 28 days ago |
| tvnmedia.com | tvnmedia.com | PA Panama | Technology | Claimed | 28 days ago |
| grupopetersen.com.ar | — | AR Argentina | Financial Services | Claimed | 29 days ago |
| alkaloid.com.mk | — | MK North Macedonia | Healthcare | Claimed | 29 days ago |
| narit.or.th | — | TH Thailand | Government & Defense | Claimed | 29 days ago |
Page 1 of 8
Affected countries(49)
Countries where this group has been reported to target or leak victims.