win.8base

8Base


The 8Base ransomware group has remained relatively unknown despite a massive spike in activity in the summer of 2023. The group pairs encryption with “name-and-shame” techniques to compel its victims to pay ransoms. 8Base follows an opportunistic pattern of compromise, with recent victims spanning varied industries. Despite the high number of compromises, the identities, methodology, and underlying motivation behind these incidents remain a mystery. Samples of their ransomware show they are using customized Phobos with SmokeLoader.

References
2023-11-17 | Cisco Talos | Guilherme Venere
@online{venere:20231117:deep:b5f97e0, author = {Guilherme Venere}, title = {{A deep dive into Phobos ransomware, recently deployed by 8Base group}}, date = {2023-11-17}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/}, language = {English}, urldate = {2023-11-27} } A deep dive into Phobos ransomware, recently deployed by 8Base group
8Base Phobos
2023-09-18 | KrebsOnSecurity | Brian Krebs
@online{krebs:20230918:whos:a141b00, author = {Brian Krebs}, title = {{Who's Behind the 8Base Ransomware Website?}}, date = {2023-09-18}, organization = {KrebsOnSecurity}, url = {https://krebsonsecurity.com/2023/09/whos-behind-the-8base-ransomware-website/}, language = {English}, urldate = {2023-09-22} } Who's Behind the 8Base Ransomware Website?
8Base
2023-08-23 | Logpoint | Anish Bogati, Nischal khadgi
@online{bogati:20230823:defending:9322a16, author = {Anish Bogati and Nischal khadgi}, title = {{Defending Against 8base: Uncovering Their Arsenal and Crafting Responses}}, date = {2023-08-23}, organization = {Logpoint}, url = {https://www.logpoint.com/en/blog/emerging-threat/defending-against-8base/}, language = {English}, urldate = {2023-09-05} } Defending Against 8base: Uncovering Their Arsenal and Crafting Responses
8Base SmokeLoader SystemBC
2023-07-27 | SOCRadar | SOCRadar
@online{socradar:20230727:dark:9caceaf, author = {SOCRadar}, title = {{Dark Web Profile: 8Base Ransomware}}, date = {2023-07-27}, organization = {SOCRadar}, url = {https://socradar.io/dark-web-profile-8base-ransomware/}, language = {English}, urldate = {2023-08-01} } Dark Web Profile: 8Base Ransomware
8Base
2023-07-26 | Talos | Nicole Hoffman
@online{hoffman:20230726:incident:4731c33, author = {Nicole Hoffman}, title = {{Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical}}, date = {2023-07-26}, organization = {Talos}, url = {https://blog.talosintelligence.com/talos-ir-q2-2023-quarterly-recap/}, language = {English}, urldate = {2023-08-03} } Incident Response trends Q2 2023: Data theft extortion rises, while healthcare is still most-targeted vertical
BianLian Clop LockBit Royal Ransom LockBit 8Base BianLian Clop LockBit Money Message Royal Ransom
2023-07-17 | Acronis | Acronis Security
@online{security:20230717:8base:e99c087, author = {Acronis Security}, title = {{8Base ransomware stays unseen for a year}}, date = {2023-07-17}, organization = {Acronis}, url = {https://www.acronis.com/en-sg/cyber-protection-center/posts/8base-ransomware-stays-unseen-for-a-year/}, language = {English}, urldate = {2023-08-09} } 8Base ransomware stays unseen for a year
8Base Phobos SmokeLoader
2023-06-30 | Twitter (@rivitna2) | @rivitna2
@online{rivitna2:20230630:twitter:9e51899, author = {@rivitna2}, title = {{Twitter thread about relationship between 8Base and Phobos ransomware}}, date = {2023-06-30}, organization = {Twitter (@rivitna2)}, url = {https://twitter.com/rivitna2/status/1674718854549831681}, language = {English}, urldate = {2023-08-01} } Twitter thread about relationship between 8Base and Phobos ransomware
8Base Phobos
2023-06-28 | vmware | Deborah Snyder, Fae Carlisle, Dana Behling, Bria Beathley
@online{snyder:20230628:8base:6caf8b6, author = {Deborah Snyder and Fae Carlisle and Dana Behling and Bria Beathley}, title = {{8Base Ransomware: A Heavy Hitting Player}}, date = {2023-06-28}, organization = {vmware}, url = {https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html}, language = {English}, urldate = {2023-08-03} } 8Base Ransomware: A Heavy Hitting Player
8Base Phobos SmokeLoader SystemBC
2023-05-24 | BushidoToken Blog | BushidoToken
@online{bushidotoken:20230524:unmasking:7b4ab5b, author = {BushidoToken}, title = {{Unmasking Ransomware Using Stylometric Analysis: Shadow, 8BASE, Rancoz}}, date = {2023-05-24}, organization = {BushidoToken Blog}, url = {https://blog.bushidotoken.net/2023/05/unmasking-ransomware-using-stylometric.html}, language = {English}, urldate = {2023-08-01} } Unmasking Ransomware Using Stylometric Analysis: Shadow, 8BASE, Rancoz
8Base

There is no Yara-Signature yet.