
obscura

7 incidents, 5 countries, 4 sectors, ransomware. Latest: 2026-06-25
Obscura is a Go-based ransomware strain first documented in July 2025, though analysts widely observed its activity starting in late August 2025. It distinguishes itself by directly weaponizing Windows Active Directory (AD) domain controllers for propagation, allowing it to rapidly spread across complex AD environments. Its primary motivation is financial, employing a double extortion model where it encrypts data and threatens to publicly leak stolen information if ransom demands are not met. The group utilizes XChaCha20 with Curve25519 for encryption and consistently drops ransom notes named 'README_Obscura.txt'. Security researchers anticipate that Obscura, currently in its early stages, may evolve into a Ransomware-as-a-Service (RaaS) offering due to its scalable deployment and Go binary structure.

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Victims: 6
Unique TTPs: 1
Historical stolen data: N/A
Ransoms claimed: N/A
Payments detected: N/A

Observed TTPs

T1566 Phishing

Affected countries

Thailand (2) Malaysia (1) Greece (1) Romania (1) Denmark (1)

Targeted countries (SOCRadar)

United Arab Emirates, Australia, Canada, Cyprus, Czech Republic, Germany, Denmark, Egypt, Spain, United Kingdom

Attacked sectors

Construction (1) Telecommunication (1) Energy (3) Technology (1)

Targeted sectors (SOCRadar)

Construction of Buildings, Other Information Services, Software Publishers, Real Estate, Enterprises & Holding, Accommodation, Air Transportation, Manufacturing, Construction, Public Administration

New URLs detected in IntelTracker

ransomware.anggipradana.com

Victims (6)

STC Concrete Product, 11 Jan 2026
Ransomware Thailand Construction
Summary: A ransomware alert has been published relating to the company STC Concrete Product, a public company in Thailand that produces and …
REDtone, 11 Jan 2026
Ransomware Malaysia Telecommunication
Summary: REDtone, a ransomware active in the telecommunications sector, has been identified as part of an operation with the malicious group obsc…
[Redacted] #1927, 24 Dec 2025
Ransomware Thailand Energy
Summary: [Redacted] #1927 is a ransomware alert associated with the obscura group, detected on 2025-12-24. The notification does not provide specific details…
Revoil, 24 Dec 2025
Ransomware Greece Energy
Revoil: Ransomware Alert in the Fuel Sector. Summary: The company Revoil, a major distributor of fuels and lubricants …
Trend Import Export, 16 Dec 2025
Ransomware Romania Technology
Summary: Trend Import Export, a technology company specializing in business solutions and hardware, has been the target of a ransomware attack…
CleverPower, 15 Dec 2025
Ransomware Denmark Energy
Summary: CleverPower is a ransomware attack associated with the cybercriminal group obscura, which has been flagged in the context of the energy industry…