RansomHub (Payload) (a3044fb5-3aae-4590-b589-cc88bf0d1f34)

This object represents the techniques associated with the payload binary used in attacks associated with the RansomHub ransomware-as-a-service ("RaaS") operation. The RansomHub gang is suspected of leaking victim data exfiltrated in attacks by other groups, but researchers have also observed an apparent original ransomware payload linked to the group.[BroadcomSW June 5 2024][The Record RansomHub June 3 2024] This payload displays a high degree of code similarity with Knight ransomware, whose source code was offered for sale in cybercriminal forums in February 2024.[BroadcomSW June 5 2024]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Scattered Spider (3d77fb6c-cfb4-5563-b0be-7aa1ad535337) | Tidal Groups | RansomHub (Payload) (a3044fb5-3aae-4590-b589-cc88bf0d1f34) | Tidal Software | 1 |
| RansomHub (Payload) (a3044fb5-3aae-4590-b589-cc88bf0d1f34) | Tidal Software | Indrik Spider (3c7ad595-1940-40fc-b9ca-3e649c1e5d87) | Tidal Groups | 1 |
| RansomHub (Payload) (a3044fb5-3aae-4590-b589-cc88bf0d1f34) | Tidal Software | CosmicBeetle (04b73cf2-33f4-4206-be9e-c80c4c9b54e8) | Tidal Groups | 1 |
| RansomHub (Payload) (a3044fb5-3aae-4590-b589-cc88bf0d1f34) | Tidal Software | RansomHub Ransomware Actors (94794e7b-8b54-4be8-885a-fd1009425ed5) | Tidal Groups | 1 |