PanelActoresCampanasMapaTTPs
Panel » Actores » lilith
ArsenalExploitsTTP MatrixKillChainMapaActoresSSLBLRansomLookRansomwhereAlertasCyberNews
lilith logo

lilith

1 incidentes 1 paises 1 sectores ransomware RU Ultimo: 2026-06-25
Aliases: LilithCrypt
Ver en IntelTracker → APTTrail →
Lilith is a ransomware-as-a-service (RaaS) operation that first emerged in July 2022, discovered by malware researcher JAMESWT. It operates with a clear financial motivation, employing a double extortion model. Despite being described by cybersecurity researchers as having low sophistication and not introducing novel techniques, Lilith distinguished itself by appearing alongside other new ransomware groups during a period of increased ransomware activity. The group is also known as LilithCrypt, and while it exhibits some similarities in code or methodology, such as excluding a Babuk ransomware public key file from encryption, it has not been directly linked as a rebrand of Babuk or other groups. Its initial victim was a large construction group in South America, indicating a focus on 'big-game hunting' from its inception.

RansomLook pivots

Data, inteligencia y referencias externas para contrastar actividad ransomware del actor.

Abrir perfil →
Data
RecentBrowseTrendingStats
Intel
GroupURLsCryptoLeaksNotesAnalysesTorrents
Info
APIGlossaryAbout
Victimas
0
TTPs unicas
0
Info robada historica
N/D
Rescates reclamados
N/D
Pagos detectados
N/D

Paises afectados

United Kingdom (1)

Paises objetivo (SOCRadar)

ArgentinaBolivia, Plurinational State ofBrazilChileColombiaEcuadorFrench GuianaGuyanaPeruParaguay

Sectores atacados

Construction (1)

Sectores objetivo (SOCRadar)

ConstructionManufacturingInformation ServicesFinanceProfessional&Technical ServicesHealthCare & Social AssistanceOtherConstruction of BuildingsComputer Systems Design Services

URLs nuevas detectadas en IntelTracker

ransomware.anggipradana.com