Icarus
Ransomware group profile
Description
Icarus is a newly emerged ransomware group, first encountered in April 2026 and distinct from the earlier Icarus Stealer malware. Its operations are financially motivated and centre on exploiting sensitive data; the group positions itself as a data broker that engages in extortion.
Key insights
- Icarus engages in double extortion and free data leaks to pressure victims into compliance.
- The group's primary goal is financial profit from the sale or leakage of stolen data.
- Targets include sensitive data such as personally identifiable information, source code, and KYC documents.
- Icarus utilizes bespoke malware for ransomware deployment, with detailed attack vectors not yet disclosed.
Intelligence
IOCs, YARA/Sigma rules, and related families for Icarus
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for Icarus
- T1562: Impair Defenses
- T1027: Obfuscated Files or Information
- T1059: Command and Scripting Interpreter
- T1486: Data Encrypted for Impact
- T1490: Inhibit System Recovery
- T1021: Remote Services
- T1021.001: Remote Desktop Protocol
- T1080: Taint Shared Content
- T1203: Exploitation for Client Execution
- T1078: Valid Accounts
- T1547: Boot or Logon Autostart Execution
Victims (12)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| H* | — | — | — | Unknown | about 18 hours ago |
| G* | — | — | — | Unknown | about 18 hours ago |
| C* | — | — | — | Unknown | about 18 hours ago |
| Huntress | huntress.com | US United States | Technology | Unknown | 1 day ago |
| HDS (Hdscorp) | hdsupply.com | US United States | — | Unknown | 1 day ago |
| Gms-net | gms.net | CH Switzerland | Technology | Unknown | 1 day ago |
| Cqcrm | — | — | Professional Services | Unknown | 1 day ago |
| Cbassociations | — | — | Professional Services | Unknown | 1 day ago |
| DEADLINE MONDAY | klue.com | CA Canada | — | Unknown | 3 days ago |
| Klue.com | klue.com | CA Canada | Technology | Data Leaked | 5 days ago |
| thecreditpros.com | thecreditpros.com | US United States | Financial Services | Data Leaked | 8 days ago |
| Cazh.id | — | ID Indonesia | Retail & E-Commerce | Claimed | about 2 months ago |
Affected countries (4)
Countries where this group has been reported to target or leak victims.