Axxes Ransomware Group Appears to be the Rebranded Version of Midas Group
Category: Adversary Intelligence
Industry: Multiple
Country/Region: Global
Source: F6
Text of the ransom note (reproduced as written; the .onion URL is defanged in the same way as the IP addresses below):

>> What happened?
Important files on your network was ENCRYPTED and now they have "Axxes" extension. In order to recover your files you need to follow instructions below.

>> Sensitive Data
Sensitive data on your network was DOWNLOADED. More than 70 GB. If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly.
Data includes:
– Employees personal data, CVs, DL, SSN.
– Complete network map including credentials for local and remote services.
– Private financial information including: clients data, bills, budgets, annual reports, bank statements.

>> CAUTION
DO NOT MODIFY ENCRYPTED FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS.

>> What should I do next?
1) Download and install Tor Browser from: https://torproject.org/
2) ymnbqd5gmtxc2wepkesq2ktr5qf4uga6wwrsbtktq7n5uvhqmbyaq4qd[.]onion/link.php?id=hTjNdkb5OCr74qyYii8r5987laFscF
Axxes ransomware note
The following IOCs for Axxes ransomware were collected from VirusTotal and Triage sandbox reports on the samples listed below.

| Type | Value |
|---|---|
| MD5 | 063a4b2fb6f7bd96710dd054d03a8668 |
| MD5 | ac2e9f9f84f98a1c7514fcf2e81eaa88 |
| SHA-1 | b82bc6b886672606672bf58e84625fafeebf09cc |
| SHA-1 | 8dfb08d755a31fdd40bfc624983113e2b0a4c0ad |
| SHA-256 | 5b1d1e8d4d93d360b044101d6c5835b4ac4cb0ef0d19e83d93cafbbd22e708ab |
| SHA-256 | ec7fbdf548bd27bb5076dd9589e1b87f3c5740da00e77c127eb4cd4541d7d6f7 |
| IPv4 | 8[.]240[.]24[.]124 |
| IPv4 | 8[.]249[.]245[.]252 |
| IPv4 | 192[.]168[.]0[.]66 |
| IPv4 | 8[.]252[.]36[.]124 |
| IPv4 | 8[.]252[.]68[.]252 |
| IPv4 | 8[.]253[.]151[.]245 |
| IPv4 | 8[.]253[.]208[.]108 |
| IPv4 | 8[.]253[.]208[.]109 |
| IPv4 | 8[.]253[.]208[.]116 |
| IPv4 | 8[.]253[.]254[.]124 |

Note that 192[.]168[.]0[.]66 is an RFC 1918 private address, almost certainly the sandbox's own LAN address rather than attacker infrastructure, and should not be added to network blocklists. The remaining addresses are network contacts observed during sandbox execution; verify them (for example against passive DNS and netblock ownership) before treating them as confirmed command-and-control infrastructure.
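As an added example (not code from the source report or from F6), the script below turns the indicators above into a small detection check: it refangs the IPv4 list and drops the RFC 1918 entry, classifies the published hashes by digest length, compares file contents against them, and scans a few log lines for the routable addresses. The sample log lines, the case-insensitive `.axxes` suffix check derived from the ransom note, and all function names are assumptions made for this example.

```python
import hashlib
import ipaddress
import re

# Hashes and IPs copied from the IOC table on this page (IPs kept defanged as published).
AXXES_HASHES = {
    "063a4b2fb6f7bd96710dd054d03a8668",
    "ac2e9f9f84f98a1c7514fcf2e81eaa88",
    "b82bc6b886672606672bf58e84625fafeebf09cc",
    "8dfb08d755a31fdd40bfc624983113e2b0a4c0ad",
    "5b1d1e8d4d93d360b044101d6c5835b4ac4cb0ef0d19e83d93cafbbd22e708ab",
    "ec7fbdf548bd27bb5076dd9589e1b87f3c5740da00e77c127eb4cd4541d7d6f7",
}
AXXES_IPS_DEFANGED = [
    "8[.]240[.]24[.]124", "8[.]249[.]245[.]252", "192[.]168[.]0[.]66",
    "8[.]252[.]36[.]124", "8[.]252[.]68[.]252", "8[.]253[.]151[.]245",
    "8[.]253[.]208[.]108", "8[.]253[.]208[.]109", "8[.]253[.]208[.]116",
    "8[.]253[.]254[.]124",
]

HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def refang(ioc: str) -> str:
    """Reverse the usual defanging so an indicator can be compared with live data."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


def split_ips(defanged):
    """Refang the IPv4 list and separate routable addresses from ones that cannot be a
    remote contact (RFC 1918, loopback, link-local). The 192.168.0.66 entry in the table
    is such a sandbox-internal address and would only produce false positives."""
    routable, internal = set(), set()
    for item in defanged:
        ip = ipaddress.ip_address(refang(item))
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            internal.add(str(ip))
        else:
            routable.add(str(ip))
    return routable, internal


def classify_hash(value: str):
    """Return 'md5', 'sha1' or 'sha256' for a well-formed hex digest, else None."""
    value = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", value):
        return None
    return HASH_TYPES.get(len(value))


def lookup_hash(value: str):
    """Return the digest type if `value` is one of the published Axxes hashes, else None."""
    value = value.strip().lower()
    return classify_hash(value) if value in AXXES_HASHES else None


def file_matches(data: bytes) -> bool:
    """Hash file contents with all three algorithms and compare against the IOC set."""
    return any(hashlib.new(algo, data).hexdigest() in AXXES_HASHES
               for algo in ("md5", "sha1", "sha256"))


def looks_encrypted(path: str) -> bool:
    """The ransom note says encrypted files carry the 'Axxes' extension; matching a
    case-insensitive '.axxes' suffix is an assumption about its exact on-disk form."""
    return path.lower().endswith(".axxes")


def scan_logs(lines, routable):
    """Match every IPv4 literal in each log line against the routable IOC set."""
    hits = []
    for line in lines:
        for ip in IPV4_RE.findall(line):
            if ip in routable:
                hits.append((ip, line))
    return hits


# Constructed sample log lines (not from the source). One carries a listed IP, one the
# sandbox-internal address that must not alert, one an unrelated TEST-NET address.
SAMPLE_LOGS = [
    "2024-05-01T10:02:11Z fw action=allow src=10.0.5.12 dst=8.253.208.108 dport=443",
    "2024-05-01T10:02:15Z fw action=allow src=10.0.5.12 dst=192.168.0.66 dport=445",
    "2024-05-01T10:02:20Z fw action=allow src=10.0.5.12 dst=203.0.113.5 dport=443",
]

if __name__ == "__main__":
    routable, internal = split_ips(AXXES_IPS_DEFANGED)
    print("dropped non-routable IOCs:", sorted(internal))
    for ip, line in scan_logs(SAMPLE_LOGS, routable):
        print("HIT", ip, "<-", line)
    print("encrypted-looking name:", looks_encrypted(r"C:\Users\alice\Documents\report.docx.Axxes"))
```

Filtering the IP list through `ipaddress` before loading it into a blocklist is the step most often skipped when sandbox output is copied straight into a SIEM; the private address would otherwise match ordinary internal traffic on every network that uses 192.168.0.0/24.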