The 8base ransomware group made its first appearance in early March 2022 and remained somewhat quiet after the attacks. Like other ransomware actors, the group engages in double extortion. In mid-May and June 2023, however, the operation saw a spike in activity against organizations from various sectors, listing 131 organizations in just 3 months. The 8base data leak site was created and made available in March 2023, claiming honesty and simplicity in its discourse. VMware published a report on 8base that draws some similarities with the ransomware group `RansomHouse`, pointing out resemblances such as the website used by 8base and the ransom notes presented in its attacks. Interestingly, the 8base group has not developed its own ransomware. Instead, the actors took advantage of leaked ransomware builders to customize the ransom note and present it to the victim organization as 8base's operation.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
```yara
/*
8BASE ransomware (Phobos variant)
*/
rule _8BASE_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.8base"
        description = "Detects 8BASE ransomware ransom note"
        date = "2026-05-04"
        severity = 7
        score = 70
    strings:
        // With nocase, $s1 and $s2 match the same bytes, and every $s3 hit also contains them.
        $s1 = "8BASE" ascii nocase
        $s2 = "8base" ascii nocase
        $s3 = "8base.onion" ascii nocase
    condition:
        // Fires on any file that contains "8base" in any letter case.
        any of them
}

rule _8BASE_PE
{
    meta:
        author = "ransomware.live"
        family = "ransomware.8base"
        description = "Detects 8BASE ransomware executable (Phobos-based)"
        date = "2026-05-04"
        severity = 9
        score = 90
    strings:
        // $s1 and $s3 are case-sensitive; $s1 is also searched as a wide (UTF-16LE) string.
        $s1 = "8BASE" ascii wide
        $s2 = ".8base" ascii nocase
        $s3 = "8base.onion" ascii
    condition:
        // "MZ" header at offset 0 (PE file) plus at least two of the three strings.
        uint16(0) == 0x5A4D and 2 of them
}
```
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01//EN' '[redactado]
<html>
<head>
<meta charset='windows-1251'>
<title>encrypted</title>
<HTA:APPLICATION
ICON='msiexec.exe'
SINGLEINSTANCE='yes'
SysMenu="no">
<script language='JScript'>
window.moveTo(50, 50);
window.resizeTo(screen.width - 100, screen.height - 100);
</script>
<style type='text/css'>
body {
font: 15px Tahoma, sans-serif;
margin: 10px;
line-height: 25px;
background: #EDEDED;
}
img {
display:inline-block;
}
.bold {
font-weight: bold;
}
.mark {
background: #D0D0E8;
padding: 2px 5px;
}
.header {
text-align: center;
font-size: 30px;
line-height: 50px;
font-weight: bold;
margin-bottom:20px;
}
.info {
background: #D0D0E8;
border-left: 10px solid #00008B;
}
.alert {
background: #FFE4E4;
border-left: 10px solid #FF0000;
}
.private {
border: 1px dashed #000;
background: #FFFFEF;
}
.note {
height: auto;
padding-bottom: 1px;
margin: 15px 0;
}
.note .title {
font-weight: bold;
text-indent: 10px;
height: 30px;
line-height: 30px;
padding-top: 10px;
}
.note .mark {
background: #A2A2B5;
}
.note ul {
margin-top: 0;
}
.note pre {
margin-left: 15px;
line-height: 13px;
font-size: 13px;
}
.footer {
position:fixed;
bottom:0;
right:0;
text-align: right;
}
.title {
margin-left: 0;
}
.title.sub {
margin-left:30px;
dispaly:inline-block;
}
</style>
</head>
<body>
<div class='header'>
<img src='data:image/png;base64,[image data omitted]'>
<div>Dear Management</div>
</div>
<div class='bold'> If you are reading this message, it means that:<br><ul>
- your network infrastructure has been compromised,<br>
- critical data was leaked,<br>
- files are encrypted</span></div></ul>
<div class='bold'> The best and only thing you can do is to contact us to settle the matter before any losses occurs.</span></div>
<div class='bold'> Onion site: <span class='mark'><a href='[redactado]
<div class='bold'> [redactado] channel: <span class='mark'><a href='[redactado]
</div>
<div class='note info'>
<div clas

St. Nicholas School is an international school in Sao Paulo, Brazil, with two campuses: in Pinheiros and Alfaville districts. Founded in 1980 by Mrs. Kirsten, the school strives to provide high-quality education in a welcoming environment. It offers International Baccalaureate (IB) programs at all levels of study, including elementary, secondary school, and graduate programs. The school's goal is to educate students with critical thinking, creativity and global responsibility, preparing them for success in the modern world.

| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| St. Nicholas School | BR | Education | — | 1 Feb 2025 |
| Bring Solution | BR | Business Services | — | 14 Jan 2025 |
| Grupo Buddemeyer | BR | Manufacturing | — | 3 Jan 2025 |
| Sicoob | BR | Financial Services | — | 22 Dec 2024 |
| Lumina Americas | MX | Technology | — | 29 Apr 2024 |
| HC Querétaro | MX | Healthcare | — | 27 Mar 2024 |
| Araújo e Policastro Advogados | BR | Business Services | — | 18 Sep 2023 |
| Conselho Superior da Justiça do Trabalho | BR | Public Sector | — | 7 Sep 2023 |
| Chula Vista Electric (CVE) | CL | Construction | — | 6 Sep 2023 |
| Community Council of South Central Texas | MX | Public Sector | — | 26 Aug 2023 |
| Community Action | MX | Business Services | — | 25 Aug 2023 |
| INSTITUTO NACIONAL DE ELECTRIFICACION | GT | Energy | — | 25 Aug 2023 |
| BTU | AR | Construction | — | 13 Jul 2023 |
| Pesquera Diamante S.A. | PE | Agriculture and Food Production | — | 11 Jul 2023 |
| ROBERT L BAYLESS PRODUCER LLC | MX | Energy | — | 7 Jul 2023 |
| Futura Agronegócios | BR | Agriculture and Food Production | — | 19 Jun 2023 |
| Ligas Gerais Industria E Comercio | BR | Manufacturing | — | 15 Jun 2023 |
| Transprensa | CO | Transportation/Logistics | — | 12 Jun 2023 |
| Defesa da Classe Trabalhadora (Declatra) | BR | Business Services | — | 11 Jun 2023 |
| TECHCERT | BR | Education | — | 11 Jun 2023 |
| PREMIER HOSPITAL DIA | BR | Healthcare | — | 11 Jun 2023 |
| CLONARTE | BR | Business Services | — | 11 Jun 2023 |
| SINTTEL | BR | Not Found | — | 11 Jun 2023 |
| RJP MEDICAL LTDA | BR | Healthcare | — | 11 Jun 2023 |
| Ampla Divisórias | BR | Business Services | — | 11 Jun 2023 |
| CST Medicina do Trabalho | BR | Healthcare | — | 23 May 2023 |
| TTG Log | BR | Transportation/Logistics | — | 23 May 2023 |
| IMASA | MX | Agriculture and Food Production | — | 23 May 2023 |
| CONTASS | BR | Business Services | — | 23 May 2023 |
| Artconta - Contabilidade e. Assistência Fiscal | BR | Business Services | — | 23 May 2023 |
| Csc Baixo Sul Assessoria e Consultoria Empresarial e Contabil LTDA | BR | Business Services | — | 23 May 2023 |
| APIQROO | MX | Public Sector | — | 23 May 2023 |

The addresses of the leak sites (.onion) are known but are not published or linked. Only public metadata is shown.

Brazil-based Bring Solutions manufactures and sells innovative ingredients, offering customized, fast and reliable solutions to add value to its customers' businesses. bringsolutions.com.br

Buddemeyer is a national leader in the top segment of the bed, table and bath market. Quality products and excellence. Meet! Buddemeyer has been synonymous with tradition since 1951. It has exclusive products that follow the principles of German quality that allied to high technology, provide high performance and innovation. We are specialists in home products such as bath towels, carpet coordination and bathrobes, all made with 100% cotton long fibers, pre-washed and pre-shrunk, unicolor and red yarn BUDDEMEYER.COM.BR

Sicoob is a cooperative financial institution present throughout Brazil. Millions of people are already part of this movement. Sicoob is the largest cooperative financial system in the country, with more than 8 million members and more than 4.6 thousand service points distributed throughout Brazil. We are a financial cooperative that offers members Current Account Services, Credit, Investment, cards, Social Security, consortium, insurance, bank collection, acquisition of electronic means of payment, among others. In other words, we have a complete portfolio to meet our audience. We are recognized as the third best financial institution in Brazil according to the ranking "Best Banks in the world 2024", carried out by Forbes in partnership with the market research company Statista.

Lumina Americas is a regional consulting and technology service company based in Latin America with offices in Argentina, Mexico and a representation in Spain. luminaamericas.com

Hc Queretaro, S.A. De C.V. was founded in 1994. The Company's line of business includes the manufacturing of plastics products. hcq.proterial.com