RansomHub (Payload) (Deprecated) (a3044fb5-3aae-4590-b589-cc88bf0d1f34)

We are no longer maintaining this object in favor of a similar object subsequently published by MITRE: "RansomHub" (Software). All relevant Tidal content extensions (e.g. additional Technique and Object relationships and metadata) have been added to the MITRE-authored object.

This object represents the techniques associated with the payload binary used in attacks associated with the RansomHub ransomware-as-a-service ("RaaS") operation. The RansomHub gang is suspected of leaking victim data exfiltrated in attacks by other groups, but researchers have also observed an apparent original ransomware payload linked to the group.^{[BroadcomSW June 5 2024]}^{[The Record RansomHub June 3 2024]} This payload displays a high degree of code similarity with Knight ransomware, whose source code was offered for sale in cybercriminal forums in February 2024.^{[BroadcomSW June 5 2024]}

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Scattered Spider (3d77fb6c-cfb4-5563-b0be-7aa1ad535337)	Tidal Groups	RansomHub (Payload) (Deprecated) (a3044fb5-3aae-4590-b589-cc88bf0d1f34)	Tidal Software	1
Indrik Spider (3c7ad595-1940-40fc-b9ca-3e649c1e5d87)	Tidal Groups	RansomHub (Payload) (Deprecated) (a3044fb5-3aae-4590-b589-cc88bf0d1f34)	Tidal Software	1
RansomHub (Payload) (Deprecated) (a3044fb5-3aae-4590-b589-cc88bf0d1f34)	Tidal Software	CosmicBeetle (04b73cf2-33f4-4206-be9e-c80c4c9b54e8)	Tidal Groups	1
RansomHub Ransomware Actors (94794e7b-8b54-4be8-885a-fd1009425ed5)	Tidal Groups	RansomHub (Payload) (Deprecated) (a3044fb5-3aae-4590-b589-cc88bf0d1f34)	Tidal Software	1