Introduction
This object represents the behaviors associated with operators of 8Base ransomware, who may or may not operate as a cohesive unit. Behaviors associated with samples of 8Base ransomware are represented in the “8Base Ransomware” Software object. The 8Base ransomware operation began claiming significant numbers of victims on its data leak site in June 2023, including organizations in a range of sectors. Researchers have observed considerable similarities between aspects of 8Base’s operations and those of other ransomware groups, leading them to suspect that 8Base may be an evolution or offshoot of existing operations. The language in 8Base’s ransom notes is similar to the language seen in RansomHouse’s notes, and there is strong overlap between the code of Phobos ransomware and 8Base.[VMWare 8Base June 28 2023][Acronis 8Base July 17 2023]
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- Archelaus Beta:
Attribution and Evidence
Information pending cataloguing.
References
[1] [VMWare 8Base June 28 2023 [2] [Acronis 8Base July 17 2023