Ransomware Intelligence

apt73 Ransomware Group

Ransomware group profile

63Victims
Czech RepublicSource country
65Impact score
Also Known As
Bashe
APT73
Apt 73

Description

Eraleign is a high-profile ransomware group that specializes in advanced cyberattacks targeting large organizations for maximum financial gain. Known for their sophisticated encryption methods and double extortion tactics, they employ custom-built malware to infiltrate networks and have shifted their focus towards critical infrastructure and supply chain attacks.

Key insights

  • Utilizes rapid encryption methods and multi-stage infection chains.
  • Targets multiple sectors, especially critical infrastructure and healthcare.
  • Employs double extortion tactics by threatening to leak stolen data.
  • Gains initial access via phishing campaigns and known vulnerabilities.
  • Demonstrates a trend towards leveraging REvil's toolkit and tactics.

Threat Level & Status Breakdown

For apt73 · Based on incidents in selected period

2.2threat level
Aggressiveness5/ 10
Lethality0/ 10
Criticality1.4/ 10

Status Breakdown

Claimed100.0%63
First seenApr 2026
Last seenJul 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJul 15, 2026

Recent activity

Monthly attack count for apt73 in the selected period

63Total attacks
43peak in Apr
15.8avg / month
↓ 35 vs first month
AprMayJunJul015304560

Intelligence

IOCs, YARA/Sigma rules, and related families for apt73

  1. ns2.eraleignews.com
  2. basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion
  3. ns3.eraleignews.com
  4. basheqtvzqwz4vp6ks5lm2ocq7i6tozqgf6vjcasj4ezmsy4bkpshhyd.onion
  5. fleqwmg7xnanypt5km2m75l72q7nlcvlp2m4sdmgjxorsn6tb3zyp3qd.onion
  6. qcgv5tfer4f46ns6ohh72zeyyh5uavoiybypzpt3lmwk5ecyqykptgqd.onion
  7. eraleignews.com
  8. bashe4aec32kr6zbifwd5x6xgjsmhg4tbowrbx4pneqhc5mqooyifpid.onion
  9. wn6vonooq6fggjdgyocp7bioykmfjket7sbp47cwhgubvowwd7ws5pyd.onion
  10. ns4.eraleignews.com
  11. ns1.eraleignews.com
View full IOC feed11 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for apt73

Other

T1486

T1486

T1490

T1490

T1562

T1562

T1040

T1040

T1071

T1071

T1078

T1078

T1059

T1059

T1021

T1021

T1021.001

T1021.001

T1547

T1547

Victims(178)

CompanyDomainCountryIndustryStatusDiscovered
dgcement.comManufacturing
Claimed
10 days ago
dgcement.comdgcement.comPK PakistanManufacturing
Claimed
10 days ago
azarestan.com
Claimed
10 days ago
azarestan.comazarestan.comIR IranOther
Claimed
10 days ago
dgcement.comdgcement.comDZ AlgeriaManufacturing
Claimed
10 days ago
vicentetrapani.com
Claimed
10 days ago
vicentetrapani.comvicentetrapani.comAR ArgentinaProfessional Services
Claimed
10 days ago
azarestan.comazarestan.comIR Iran
Claimed
10 days ago
vicentetrapani.comvicentetrapani.comAR Argentina
Claimed
10 days ago
westernint.comProfessional Services
Claimed
10 days ago
westernint.comwesternint.comProfessional Services
Claimed
10 days ago
westernint.comwesternint.comUS United StatesProfessional Services
Claimed
10 days ago
aydeniz.com
Claimed
13 days ago
aydeniz.comaydeniz.comTR TurkeyProfessional Services
Claimed
13 days ago
aydeniz.comaydeniz.comTR Turkey
Claimed
13 days ago
flazio.comTechnology
Claimed
13 days ago
holidaypalace.comHospitality
Claimed
13 days ago
holidaypalace.comholidaypalace.comES SpainHospitality
Claimed
13 days ago
ritavo.com
Claimed
13 days ago
ritavo.comritavo.comVN VietnamManufacturing
Claimed
13 days ago

Page 1 of 9