apt73 Ransomware Group
Ransomware group profile
Description
Eraleign is a high-profile ransomware group that specializes in advanced cyberattacks targeting large organizations for maximum financial gain. Known for their sophisticated encryption methods and double extortion tactics, they employ custom-built malware to infiltrate networks and have shifted their focus towards critical infrastructure and supply chain attacks.
Key insights
- •Utilizes rapid encryption methods and multi-stage infection chains.
- •Targets multiple sectors, especially critical infrastructure and healthcare.
- •Employs double extortion tactics by threatening to leak stolen data.
- •Gains initial access via phishing campaigns and known vulnerabilities.
- •Demonstrates a trend towards leveraging REvil's toolkit and tactics.
Threat Level & Status Breakdown
For apt73 · Based on incidents in selected period
Recent activity
Monthly attack count for apt73 in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for apt73
- ns2.eraleignews.com
- basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion
- ns3.eraleignews.com
- basheqtvzqwz4vp6ks5lm2ocq7i6tozqgf6vjcasj4ezmsy4bkpshhyd.onion
- fleqwmg7xnanypt5km2m75l72q7nlcvlp2m4sdmgjxorsn6tb3zyp3qd.onion
- qcgv5tfer4f46ns6ohh72zeyyh5uavoiybypzpt3lmwk5ecyqykptgqd.onion
- eraleignews.com
- bashe4aec32kr6zbifwd5x6xgjsmhg4tbowrbx4pneqhc5mqooyifpid.onion
- wn6vonooq6fggjdgyocp7bioykmfjket7sbp47cwhgubvowwd7ws5pyd.onion
- ns4.eraleignews.com
- ns1.eraleignews.com
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for apt73
T1486
T1486
T1490
T1490
T1562
T1562
T1040
T1040
T1071
T1071
T1078
T1078
T1059
T1059
T1021
T1021
T1021.001
T1021.001
T1547
T1547
Victims(178)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| dgcement.com | — | — | Manufacturing | Claimed | 10 days ago | |
| dgcement.com | dgcement.com | PK Pakistan | Manufacturing | Claimed | 10 days ago | |
| azarestan.com | — | — | — | Claimed | 10 days ago | |
| azarestan.com | azarestan.com | IR Iran | Other | Claimed | 10 days ago | |
| dgcement.com | dgcement.com | DZ Algeria | Manufacturing | Claimed | 10 days ago | |
| vicentetrapani.com | — | — | — | Claimed | 10 days ago | |
| vicentetrapani.com | vicentetrapani.com | AR Argentina | Professional Services | Claimed | 10 days ago | |
| azarestan.com | azarestan.com | IR Iran | — | Claimed | 10 days ago | |
| vicentetrapani.com | vicentetrapani.com | AR Argentina | — | Claimed | 10 days ago | |
| westernint.com | — | — | Professional Services | Claimed | 10 days ago | |
| westernint.com | westernint.com | — | Professional Services | Claimed | 10 days ago | |
| westernint.com | westernint.com | US United States | Professional Services | Claimed | 10 days ago | |
| aydeniz.com | — | — | — | Claimed | 13 days ago | |
| aydeniz.com | aydeniz.com | TR Turkey | Professional Services | Claimed | 13 days ago | |
| aydeniz.com | aydeniz.com | TR Turkey | — | Claimed | 13 days ago | |
| flazio.com | — | — | Technology | Claimed | 13 days ago | |
| holidaypalace.com | — | — | Hospitality | Claimed | 13 days ago | |
| holidaypalace.com | holidaypalace.com | ES Spain | Hospitality | Claimed | 13 days ago | |
| ritavo.com | — | — | — | Claimed | 13 days ago | |
| ritavo.com | ritavo.com | VN Vietnam | Manufacturing | Claimed | 13 days ago |
Page 1 of 9
Affected countries(62)
Countries where this group has been reported to target or leak victims.