Uptime Hamster: 15d 1h 57mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza pandora

pandora

2 incidentes 1 paises 0 sectores ransomware CN Ultimo: 2026-06-29
Aliases: G0023, ELMER backdoor, Gh0st, HTRAN, UNICAT, Poison Ivy, Pandora, asociados al grupo, incluido Activist, dominios como www
Ver en IntelTracker → APTTrail →
Pandora is a ransomware group that emerged in mid-February 2022, notably announcing its first victim on February 21, 2022. The group's primary motivation is financial gain, achieved through double extortion tactics where they exfiltrate sensitive data before encrypting systems and threatening to leak the information if ransom demands are not met. Pandora is widely suspected to be a rebrand of the Rook ransomware, itself a variant of Babuk, and has been associated with the Chinese-affiliated threat group BRONZE STARLIGHT. What distinguishes Pandora is its emphasis on efficient multithreading for rapid encryption and extensive anti-reverse engineering techniques to hinder analysis.

Aliases del actor

G0023ELMER backdoorGh0stHTRANUNICATPoison IvyPandoraasociados al grupoincluido Activistdominios como www

Actores similares

poison-ivyactor · 1backdoordiplomacyactor · 2capi-backdooractor · 1apt-poisonneedlesactor · 1BackdoorDiplomacyapt · 1spivyactor · 1poisonous-pandaactor · 1poison-carpactor · 1gh0st-ratactor · 1htranactor · 1

Canales, DLS e infraestructura asociada

Clasificacion automatica desde IntelTracker/APTTrail/OSINT. Estado real solo si viene indicado por la fuente.

TipoEstadoHost / enlaceTitle / ultimo titulo
DLS / onionunknownDLSvbfqeh5nugm6r2u2qvghsdxm3fotf5wbxb5ltv6vw77vus5frdpuaiid.onionMaliciouspandora
DLS / leak siteunknownransomware.anggipradana.comRansomware Group: pandora
Tecnicas MITRE
T1495, T1498, T1056, T1134, T1055, T1115
CVEs relacionadas
CVE-2015-3636, CVE-2014-4324, CVE-2014-4321, CVE-2014-3153, CVE-2013-6282
Victimas
0
TTPs unicas
0
Info robada historica
N/D
Rescates reclamados
N/D
Pagos detectados
N/D

Paises afectados

United States (1)

Paises objetivo (SOCRadar)

United Arab EmiratesArgentinaAustraliaBelgiumBrazilCanadaChinaCzech RepublicGermanySpain

Sectores objetivo (SOCRadar)

Software PublishersEnterprises & HoldingManufacturingElectrical Equipment, Appliance, and Component ManufacturingPublic AdministrationEducational ServicesInternet PublishingEnergy & Utilities InsuranceMotor Vehicle Manufacturing

URLs nuevas detectadas en IntelTracker

ransomware.anggipradana.com