payload

0 incidents, 0 countries, 0 sectors, ransomware. Latest: -
Payload is a ransomware group that first emerged in February 2026, rapidly expanding its victim base across multiple continents. The group's primary motivation is financial gain, achieved through double-extortion tactics where they encrypt victim data and threaten to publicly release stolen sensitive information if ransom demands are not met. What distinguishes Payload from other groups is its use of ChaCha20 encryption with a per-file Curve25519 Elliptic-curve Diffie–Hellman (ECDH) exchange, alongside aggressive anti-forensic measures to hinder detection and recovery efforts. The group leverages Tor onion sites for victim communication and data leak publication.
Related CVEs
CVE-2025-59287

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Type: ransomware
Country of origin: -
Motivation: -
Impact: 100
Updated: Sat, 20 Ju

Target countries (SOCRadar)

United Arab Emirates, Austria, Australia, Bahrain, Canada, Switzerland, China, Cyprus, Germany, Dominican Republic

Target sectors (SOCRadar)

Construction of Buildings, Food Manufacturing, Other Information Services, Software Publishers, Real Estate, Hospitals, Enterprises & Holding, Accommodation, Air Transportation, Manufacturing