Overview
Underground operates both as a ransomware group and a dark web data marketplace, selling stolen corporate data packages. Victims are listed with file sizes, revenue estimates, and country of origin. They target high-value organisations across multiple sectors.
Tactics, Techniques & Procedures
Data theft and sale, ransomware deployment, dark web data marketplace
Primary Targets
Corporate networks, Financial Services, Manufacturing
Indicators of Compromise
- Dark web data storefront
- Cobalt Strike
- Data packaged and sold by GB
MITRE ATT&CK Techniques
- T1486
- T1041
- T1078 Valid Accounts
- T1133 External Remote Services
Quick Reference
| Status | ACTIVE |
| Type | Ransomware / Data Marketplace |
| First Seen | 2023 |
| Victims Tracked | 13 |
Dark Web Presence
http://47glxkuxyayqrvugfumgsblrdagvrah7gttfscgzn56eyss5wg3uvmqd.onion
Under Attack?
If you believe Underground has targeted your organisation, contact Binary Response immediately.