IOC pivot
ioc · domain
darksidedxcftmqa[.]onion
RU · Russia
DarkSide
confidence · high
DarkSide data-leak Tor hidden service URL embedded in victim ransom notes during the campaigns Mandiant profiled in its May 11, 2021 'Shining a Light on DARKSIDE' report covering UNC2628, UNC2659 and UNC2465 affiliates - the same RaaS used against Colonial Pipeline on May 7, 2021 (CISA AA21-131A).
- family: DarkSide
- first seen: May 10, 2021
- publisher: Mandiant