APT / THREAT GROUP💰 FINANCIAL

8base

475
victims
1
aliases

Intelligence Profile

The 8base Ransomware group made its first appearance in early March 2022, remaining somewhat quiet after the attacks. This group operates like other ransomware actors, engaging in double extortion. <BR> However, in mid-May and June 2023, the ransomware operation saw a spike in activity against organizations from various sectors, listing 131 organizations in just 3 months.<BR> The 8base data leak site was created and made available in March 2023, claiming honesty and simplicity in its discourse.<BR> VMware published a report on 8base, drawing some similarities with the ransomware group `RansomHouse`, pointing out resemblances such as the website used by 8base and the ransom notes presented in its attacks.<BR> Interestingly, the 8base Ransomware group does not have its own ransomware developed by the group. Instead, the actors took advantage of other leaked ransomware builders to customize the ransom note and present it to the victim organization as 8base's operation.<BR>Source : https://github.com/crocodyli/ThreatActors-TTPs

Threat Analysis

8base is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.

Financially motivated threat actors like 8base prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

Ransomware Victims (475)

CTIWATCH tracks 475 organizations claimed as victims by 8base on its data leak site, with attack dates, sectors and countries.

View full victims list →

Intelligence Reports Mentioning 8base

External References

Quick Facts

TypeAPT / Threat Group
Motivation💰 financial
Aliases1

Also Known As

8base

DLS Infrastructure

○ OFFLINEbasemmnnqwxevlymli5bs36o5ynti55xojzvn246spahniugwkff2pad.onion
○ OFFLINExb6q2aggycmlcrjtbjendcnnwpmmwbosqaugxsqb4nx6cmod3emy7sad.onion
○ OFFLINE92.118.36.204.
○ OFFLINExfycpauc22t5jsmfjcaz2oydrrrfy75zuk6chr32664bsscq4fgyaaqd.onion
○ OFFLINEbasemmnnqwxevlymli5bs36o5ynti55xojzvn246spahniugwkff2pad.onion

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.