apt73/bashe
Ransomware group profile
49Victims
Czech RepublicSource country
65Impact score
Also Known As
Bashe
APT73
Apt 73
Description
Eraleign is a high-profile ransomware group that specializes in advanced cyberattacks targeting large organizations for maximum financial gain. Known for their sophisticated encryption methods and double extortion tactics, they employ custom-built malware to infiltrate networks and have shifted their focus towards critical infrastructure and supply chain attacks.
Key insights
- •Utilizes rapid encryption methods and multi-stage infection chains.
- •Targets multiple sectors, especially critical infrastructure and healthcare.
- •Employs double extortion tactics by threatening to leak stolen data.
- •Gains initial access via phishing campaigns and known vulnerabilities.
- •Demonstrates a trend towards leveraging REvil's toolkit and tactics.
Threat Level & Status Breakdown
For apt73/bashe · Based on incidents in selected period
3.4threat level
Aggressiveness8/ 10
Lethality0/ 10
Criticality2/ 10
Status Breakdown
Claimed100.0%49
First seenJan 2026
Last seenJun 2026
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 23, 2026
Recent activity
Monthly attack count for apt73/bashe in the selected period
49Total attacks
17peak in Mar
8.2avg / month
↑ 3 vs first month
Intelligence
IOCs, YARA/Sigma rules, and related families for apt73/bashe
- ns2.eraleignews.com
- basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion
- ns3.eraleignews.com
- basheqtvzqwz4vp6ks5lm2ocq7i6tozqgf6vjcasj4ezmsy4bkpshhyd.onion
- fleqwmg7xnanypt5km2m75l72q7nlcvlp2m4sdmgjxorsn6tb3zyp3qd.onion
- qcgv5tfer4f46ns6ohh72zeyyh5uavoiybypzpt3lmwk5ecyqykptgqd.onion
- eraleignews.com
- bashe4aec32kr6zbifwd5x6xgjsmhg4tbowrbx4pneqhc5mqooyifpid.onion
- wn6vonooq6fggjdgyocp7bioykmfjket7sbp47cwhgubvowwd7ws5pyd.onion
- ns4.eraleignews.com
- ns1.eraleignews.com
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for apt73/bashe
Other
T1486
T1486
T1490
T1490
T1562
T1562
T1040
T1040
T1071
T1071
T1078
T1078
T1059
T1059
T1021
T1021
T1021.001
T1021.001
T1547
T1547
Victims(49)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| kliknklik.com | kliknklik.com | ID Indonesia | Retail & E-Commerce | Claimed | 2 days ago | |
| gov.br | gov.br | BR Brazil | Government & Defense | Claimed | 2 days ago | |
| viennaairport.com | viennaairport.com | AT Austria | Transportation | Claimed | 2 days ago | |
| smarty.arpinet.am | smarty.arpinet.am | AM Armenia | Technology | Claimed | 22 days ago | |
| elections.mia.gov.am from WOLVES OF TURAN | elections.mia.gov.am | AM Armenia | Government & Defense | Claimed | 23 days ago | |
| tkgm.gov.tr | tkgm.gov.tr | TR Turkey | Government & Defense | Claimed | about 1 month ago | |
| minsa.com.mx | minsa.com.mx | MX Mexico | Manufacturing | Claimed | about 1 month ago | |
| tvnmedia.com | tvnmedia.com | PA Panama | Technology | Claimed | about 1 month ago | |
| alkaloid.com.mk | alkaloid.com.mk | MK North Macedonia | Healthcare | Claimed | about 1 month ago | |
| narit.or.th | narit.or.th | TH Thailand | Government & Defense | Claimed | about 1 month ago | |
| grupopetersen.com.ar | grupopetersen.com.ar | AR Argentina | Financial Services | Claimed | about 1 month ago | |
| ungererandcompany.com | ungererandcompany.com | US United States | Manufacturing | Claimed | about 1 month ago | |
| medikaplaza.com | — | ID Indonesia | Manufacturing | Claimed | about 2 months ago | |
| jgpetrucci.com | — | US United States | Professional Services | Claimed | about 2 months ago | |
| providentgh.com | providentgh.com | GH Ghana | Financial Services | Claimed | about 2 months ago | |
| grupo-principal.com | — | MX Mexico | Retail & E-Commerce | Claimed | about 2 months ago | |
| cofaco.com | — | PE Peru | Retail & E-Commerce | Claimed | about 2 months ago | |
| dunav.com | — | RS Serbia | Financial Services | Claimed | about 2 months ago | |
| algosaibi-gtb.com | — | SA Saudi Arabia | Healthcare | Claimed | about 2 months ago | |
| alx-pc.com | — | EG Egypt | Energy & Utilities | Claimed | about 2 months ago |
Page 1 of 3
Affected countries(52)
Countries where this group has been reported to target or leak victims.
🇦🇪United Arab Emirates🇦🇲Armenia🇦🇷Argentina🇦🇺Australia🇧🇩Bangladesh🇧🇪Belgium🇧🇬Bulgaria🇧🇷Brazil🇨🇦Canada🇨🇭Switzerland🇨🇱Chile🇨🇴Colombia🇩🇪Germany🇩🇴Dominican Republic🇪🇬Egypt🇪🇸Spain🇫🇷France🇬🇧United Kingdom🇬🇭Ghana🇭🇰Hong Kong🇭🇷Croatia🇮🇩Indonesia🇮🇳India🇰🇪Kenya🇱🇷Liberia🇲🇦MoroccoMoldova, Republic ofMacedonia, the Former Yugoslav Republic of🇲🇷Mauritania🇲🇹Malta🇲🇽Mexico🇲🇾Malaysia🇵🇦Panama🇵🇪Peru🇵🇭Philippines🇵🇱PolandPalestine, State of🇵🇹Portugal🇵🇾Paraguay🇷🇴Romania🇷🇸Serbia🇸🇦Saudi Arabia🇸🇨Seychelles🇸🇬Singapore🇸🇰Slovakia🇹🇭Thailand🇹🇷Turkey🇺🇸United States🇺🇾Uruguay🇻🇳Vietnam🇾🇪Yemen🇿🇦South Africa