| SYMBOL | COMMON_NAME | aka. SYNONYMS |
GOLD WINTER are a financially motivated group, likely based in Russia, who operate the Hades ransomware. Hades activity was first identified in December 2020 and its lack of presence on underground forums and marketplaces leads CTU researchers to conclude that it is not operated under a ransomware as a service affiliate model. GOLD WINTER do employ name-and-shame tactics, where data is stolen and used as additional leverage over victims, but rather than a single centralized leak site CTU researchers have observed the group using Tor sites customized for each victim that include a Tox chat ID for communication, which also appears to be unique for each victim.
| 2022-06-13
⋅
Jorge Testa
⋅
Killing The Bear - Evil Corp FAKEUPDATES Babuk Blister DoppelPaymer Dridex Entropy FriedEx Hades Macaw Phoenix Locker WastedLoader WastedLocker |
| 2022-06-02
⋅
Mandiant
⋅
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions FAKEUPDATES Blister Cobalt Strike DoppelPaymer Dridex FriedEx Hades LockBit Macaw MimiKatz Phoenix Locker WastedLocker |
| 2022-02-01
⋅
Sentinel LABS
⋅
Sanctions be Damned | From Dridex To Macaw, The Evolution of Evil Corp Dridex FriedEx Hades Phoenix Locker WastedLocker |
| 2021-10-22
⋅
HUNT & HACKETT
⋅
Advanced IP Scanner: the preferred scanner in the A(P)T toolbox Conti DarkSide Dharma Egregor Hades REvil Ryuk |
| 2021-09-14
⋅
CrowdStrike
⋅
Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack BlackMatter DarkSide REvil Avaddon BlackMatter Clop Conti CryptoLocker DarkSide DoppelPaymer Hades REvil |
| 2021-08-15
⋅
Symantec
⋅
The Ransomware Threat Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker |
| 2021-06-30
⋅
Advanced Intelligence
⋅
Ransomware-&-CVE: Industry Insights Into Exclusive High-Value Target Adversarial Datasets BlackKingdom Ransomware Clop dearcry Hades REvil |
| 2021-06-29
⋅
Accenture
⋅
HADES ransomware operators continue attacks Cobalt Strike Hades MimiKatz |
| 2021-06-15
⋅
Secureworks
⋅
Hades Ransomware Operators Use Distinctive Tactics and Infrastructure Cobalt Strike Hades |
| 2021-05-10
⋅
DarkTracer
⋅
Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware gangs released on the DarkWeb RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok RansomEXX REvil Sekhmet SunCrypt ThunderX |
| 2021-05-05
⋅
TRUESEC
⋅
Are The Notorious Cyber Criminals Evil Corp actually Russian Spies? Cobalt Strike Hades WastedLocker |
| 2021-04-12
⋅
Twitter (@inversecos)
⋅
Tweet on TTPs associated with Hades Ransomware Hades |
| 2021-03-26
⋅
Accenture
⋅
It's getting hot in here! Unknown threat group using Hades ransomware to turn up the heat on their victims Hades |
| 2021-03-25
⋅
Bleeping Computer
⋅
Evil Corp switches to Hades ransomware to evade sanctions Hades WastedLocker |
| 2021-03-01
⋅
AWAKE
⋅
The Unseen One: Hades Ransomware Gang or Hafnium Hades |
| 2021-01-01
⋅
Secureworks
⋅
Threat Profile: GOLD WINTER Cobalt Strike Hades Meterpreter GOLD WINTER |