Hades

Description

Ransomware.

External Analysis
http://www.secureworks.com/research/threat-profiles/gold-winter
https://assets.sentinelone.com/sentinellabs/sentinellabs_EvilCorp
https://awakesecurity.com/blog/incident-response-hades-ransomware-gang-or-hafnium/
https://blog.truesec.com/2021/05/05/are-the-notorious-cyber-criminals-evil-corp-actually-russian-spies/
https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3
https://killingthebear.jorgetesta.tech/actors/evil-corp
https://symantec.broadcom.com/hubfs/The_Ransomware_Threat_September_2021.pdf
https://twitter.com/inversecos/status/1381477874046169089?s=20
https://www.accenture.com/us-en/blogs/cyber-defense/unknown-threat-group-using-hades-ransomware
https://www.accenture.com/us-en/blogs/security/ransomware-hades
https://www.advanced-intel.com/post/adversarial-perspective-advintel-breach-avoidance-through-monitoring-initial-vulnerabilities
https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-hades-ransomware-to-evade-sanctions/
https://www.crowdstrike.com/blog/how-big-game-hunting-ttps-shifted-after-darkside-pipeline-attack/
https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox
https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions
https://www.secureworks.com/blog/hades-ransomware-operators-use-distinctive-tactics-and-infrastructure
https://www.sentinelone.com/wp-content/uploads/2022/02/S1_-SentinelLabs_SanctionsBeDamned_final_02.pdf
Urls
http://ixltdyumdlthrtgx.onion
File servers
Chat servers
http://m6s6axasulxjkhzh.onion/