IOC pivot
ioc · sha-256
518544e56e8ccee401ffa1b0a01a10ce23e49ec21ec441c6c7c3951b01c1b19c
RU · Russia
8Base
confidence · high
Phobos-derived 8Base ransomware payload analyzed by VMware Carbon Black in the June 2023 spike of double-extortion intrusions. Loaded via SmokeLoader with SystemBC for C2.
- family: Phobos
- first seen: May 31, 2023
- publisher: VMware Carbon Black