apt73/bashe
Ransomware group profile
Description
Eraleign is a high-profile ransomware group that specializes in advanced cyberattacks targeting large organizations for maximum financial gain. Known for their sophisticated encryption methods and double extortion tactics, they employ custom-built malware to infiltrate networks and have shifted their focus towards critical infrastructure and supply chain attacks.
Key insights
- Utilizes rapid encryption methods and multi-stage infection chains.
- Targets multiple sectors, especially critical infrastructure and healthcare.
- Employs double extortion tactics by threatening to leak stolen data.
- Gains initial access via phishing campaigns and known vulnerabilities.
- Demonstrates a trend towards leveraging REvil's toolkit and tactics.
Threat Level & Status Breakdown
For apt73/bashe · Based on incidents in selected period
Recent activity
Monthly attack count for apt73/bashe in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for apt73/bashe
- ns2.eraleignews.com
- basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion
- ns3.eraleignews.com
- basheqtvzqwz4vp6ks5lm2ocq7i6tozqgf6vjcasj4ezmsy4bkpshhyd.onion
- fleqwmg7xnanypt5km2m75l72q7nlcvlp2m4sdmgjxorsn6tb3zyp3qd.onion
- qcgv5tfer4f46ns6ohh72zeyyh5uavoiybypzpt3lmwk5ecyqykptgqd.onion
- eraleignews.com
- bashe4aec32kr6zbifwd5x6xgjsmhg4tbowrbx4pneqhc5mqooyifpid.onion
- wn6vonooq6fggjdgyocp7bioykmfjket7sbp47cwhgubvowwd7ws5pyd.onion
- ns4.eraleignews.com
- ns1.eraleignews.com
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for apt73/bashe
- T1486
- T1490
- T1562
- T1040
- T1071
- T1078
- T1059
- T1021
- T1021.001
- T1547
Victims(46)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| smarty.arpinet.am | — | AM Armenia | Technology | Claimed | 16 days ago |
| elections.mia.gov.am from WOLVES OF TURAN | — | AM Armenia | Government & Defense | Claimed | 17 days ago |
| tkgm.gov.tr | — | TR Turkey | Government & Defense | Claimed | 28 days ago |
| minsa.com.mx | minsa.com.mx | MX Mexico | Manufacturing | Claimed | 28 days ago |
| tvnmedia.com | — | PA Panama | Technology | Claimed | 28 days ago |
| alkaloid.com.mk | — | MK North Macedonia | Healthcare | Claimed | 29 days ago |
| narit.or.th | — | TH Thailand | Government & Defense | Claimed | 29 days ago |
| grupopetersen.com.ar | grupopetersen.com.ar | AR Argentina | Financial Services | Claimed | 29 days ago |
| ungererandcompany.com | — | US United States | Manufacturing | Claimed | 29 days ago |
| medikaplaza.com | — | ID Indonesia | Manufacturing | Claimed | about 2 months ago |
| jgpetrucci.com | — | US United States | Professional Services | Claimed | about 2 months ago |
| providentgh.com | providentgh.com | GH Ghana | Financial Services | Claimed | about 2 months ago |
| grupo-principal.com | — | MX Mexico | Retail & E-Commerce | Claimed | about 2 months ago |
| cofaco.com | — | PE Peru | Retail & E-Commerce | Claimed | about 2 months ago |
| dunav.com | — | RS Serbia | Financial Services | Claimed | about 2 months ago |
| algosaibi-gtb.com | — | SA Saudi Arabia | Healthcare | Claimed | about 2 months ago |
| alx-pc.com | — | EG Egypt | Energy & Utilities | Claimed | about 2 months ago |
| arrawdah.org.sa | — | SA Saudi Arabia | Healthcare | Claimed | about 2 months ago |
| ifmis.go.ke | — | KE Kenya | Government & Defense | Claimed | 2 months ago |
| whessoe.com.my | — | MY Malaysia | Manufacturing | Claimed | 2 months ago |
Page 1 of 3
Affected countries(49)
Countries where this group has been reported to target or leak victims.