Introduction
This object reflects the ATT&CK Techniques associated with threat actors who deploy Eldorado, a ransomware-as-a-service (“RaaS”) first advertised for sale on cybercrime forums in March 2024. Researchers assess that Eldorado is a “unique” ransomware strain that is likely not derived from previously leaked ransomware source code.[Group-IB July 3 2024] Windows and Linux-focused versions of the ransomware are known to exist. (ATT&CK Techniques associated with these malware binaries are tracked in a separate “Eldorado Ransomware” Software object.)
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- CyberGate:
- Cyber Eye RAT:
- Windows Remote Desktop:
- Archelaus Beta:
Attribution and Evidence
Information pending cataloguing.
References
[1] [Group-IB July 3 2024