SYMBOLCOMMON_NAMEaka. SYNONYMS
win.hades (Back to overview)

Hades

Actor(s): GOLD WINTER


Ransomware.

References
2021-09-14CrowdStrikeCrowdStrike Intelligence Team
@online{team:20210914:big:b345561, author = {CrowdStrike Intelligence Team}, title = {{Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack}}, date = {2021-09-14}, organization = {CrowdStrike}, url = {https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/}, language = {English}, urldate = {2021-09-19} } Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack
BlackMatter DarkSide REvil Avaddon BlackMatter Clop Conti CryptoLocker DarkSide DoppelPaymer Hades REvil
2021-06-30Advanced IntelligenceYelisey Boguslavskiy, Brandon Rudisel, AdvIntel Security & Development Team
@online{boguslavskiy:20210630:ransomwarecve:deae6a7, author = {Yelisey Boguslavskiy and Brandon Rudisel and AdvIntel Security & Development Team}, title = {{Ransomware-&-CVE: Industry Insights Into Exclusive High-Value Target Adversarial Datasets}}, date = {2021-06-30}, organization = {Advanced Intelligence}, url = {https://www.advanced-intel.com/post/adversarial-perspective-advintel-breach-avoidance-through-monitoring-initial-vulnerabilities}, language = {English}, urldate = {2021-07-01} } Ransomware-&-CVE: Industry Insights Into Exclusive High-Value Target Adversarial Datasets
BlackKingdom Ransomware Clop dearcry Hades REvil
2021-06-29AccentureAccenture Security
@online{security:20210629:hades:2d4c606, author = {Accenture Security}, title = {{HADES ransomware operators continue attacks}}, date = {2021-06-29}, organization = {Accenture}, url = {https://www.accenture.com/us-en/blogs/security/ransomware-hades}, language = {English}, urldate = {2021-07-01} } HADES ransomware operators continue attacks
Cobalt Strike Hades MimiKatz
2021-06-15SecureworksCounter Threat Unit ResearchTeam
@online{researchteam:20210615:hades:e1734d8, author = {Counter Threat Unit ResearchTeam}, title = {{Hades Ransomware Operators Use Distinctive Tactics and Infrastructure}}, date = {2021-06-15}, organization = {Secureworks}, url = {https://www.secureworks.com/blog/hades-ransomware-operators-use-distinctive-tactics-and-infrastructure}, language = {English}, urldate = {2021-06-21} } Hades Ransomware Operators Use Distinctive Tactics and Infrastructure
Cobalt Strike Hades
2021-05-10DarkTracerDarkTracer
@online{darktracer:20210510:intelligence:b9d1c3f, author = {DarkTracer}, title = {{Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware gangs released on the DarkWeb}}, date = {2021-05-10}, organization = {DarkTracer}, url = {https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3}, language = {English}, urldate = {2021-05-13} } Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware gangs released on the DarkWeb
RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok RansomEXX REvil Sekhmet SunCrypt ThunderX
2021-05-05TRUESECMattias Wåhlén
@online{whln:20210505:are:61bb8a0, author = {Mattias Wåhlén}, title = {{Are The Notorious Cyber Criminals Evil Corp actually Russian Spies?}}, date = {2021-05-05}, organization = {TRUESEC}, url = {https://blog.truesec.com/2021/05/05/are-the-notorious-cyber-criminals-evil-corp-actually-russian-spies/}, language = {English}, urldate = {2021-05-08} } Are The Notorious Cyber Criminals Evil Corp actually Russian Spies?
Cobalt Strike Hades WastedLocker
2021-04-12Twitter (@inversecos)inversecos
@online{inversecos:20210412:ttps:c13745e, author = {inversecos}, title = {{Tweet on TTPs associated with Hades Ransomware}}, date = {2021-04-12}, organization = {Twitter (@inversecos)}, url = {https://twitter.com/inversecos/status/1381477874046169089?s=20}, language = {English}, urldate = {2021-04-14} } Tweet on TTPs associated with Hades Ransomware
Hades
2021-03-26AccentureEric Welling, Jeff Beley, Ryan Leininger
@online{welling:20210326:its:33085a3, author = {Eric Welling and Jeff Beley and Ryan Leininger}, title = {{It's getting hot in here! Unknown threat group using Hades ransomware to turn up the heat on their victims}}, date = {2021-03-26}, organization = {Accenture}, url = {https://www.accenture.com/us-en/blogs/cyber-defense/unknown-threat-group-using-hades-ransomware}, language = {English}, urldate = {2021-03-30} } It's getting hot in here! Unknown threat group using Hades ransomware to turn up the heat on their victims
Hades
2021-03-25Bleeping ComputerSergiu Gatlan
@online{gatlan:20210325:evil:5b966ff, author = {Sergiu Gatlan}, title = {{Evil Corp switches to Hades ransomware to evade sanctions}}, date = {2021-03-25}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-hades-ransomware-to-evade-sanctions/}, language = {English}, urldate = {2021-03-30} } Evil Corp switches to Hades ransomware to evade sanctions
Hades WastedLocker
2021-03AWAKEJason Bevis
@online{bevis:202103:unseen:b20b5bf, author = {Jason Bevis}, title = {{The Unseen One: Hades Ransomware Gang or Hafnium}}, date = {2021-03}, organization = {AWAKE}, url = {https://awakesecurity.com/blog/incident-response-hades-ransomware-gang-or-hafnium/}, language = {English}, urldate = {2021-03-31} } The Unseen One: Hades Ransomware Gang or Hafnium
Hades
2021SecureworksSecureWorks
@online{secureworks:2021:threat:bce1d06, author = {SecureWorks}, title = {{Threat Profile: GOLD WINTER}}, date = {2021}, organization = {Secureworks}, url = {http://www.secureworks.com/research/threat-profiles/gold-winter}, language = {English}, urldate = {2021-05-31} } Threat Profile: GOLD WINTER
Cobalt Strike Hades Meterpreter GOLD WINTER

There is no Yara-Signature yet.