DarkSide (Malware Family)
By Fraunhofer FKIE
Archived: 2026-04-05 12:52:09 UTC
FireEye describes DARKSIDE as a ransomware written in C and configurable to target files whether on fixed,
removable disks, or network shares. The malware can be customized by the affiliates to create a build for specific
victims.
2023-07-11 ⋅ Twitter (@embee_research) ⋅
Tweets on Ransomware Infrastructure Analysis With Censys and GrabbrApp
DarkSide 2022-09-22 ⋅ Broadcom ⋅ Symantec Threat Hunter Team
Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics
BlackCat BlackMatter DarkSide 2022-07-13 ⋅ ⋅ GLIMPS ⋅ GLIMPS
Lockbit 3.0
BlackMatter DarkSide LockBit 2022-06-29 ⋅ Mandiant ⋅ Jared Wilson
Burrowing your way into VPNs, Proxies, and Tunnels
DarkSide SMOKEDHAM 2022-05-20 ⋅ AhnLab ⋅ ASEC
Why Remediation Alone Is Not Enough When Infected by Malware
Cobalt Strike DarkSide 2022-05-09 ⋅ Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team, Microsoft Threat Intelligence
Center (MSTIC)
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon
ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi
HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker
PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT 2022-04-13 ⋅
Microsoft ⋅ Microsoft 365 Defender Threat Intelligence Team
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
BlackMatter Cobalt Strike DarkSide Ryuk Zloader 2022-03-23 ⋅ splunk ⋅ Shannon Davis
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed
Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk 2022-03-17 ⋅ Sophos ⋅ Tilly
Travers
The Ransomware Threat Intelligence Center
ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry
Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker
Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker 2022-03-16 ⋅ Symantec ⋅ Symantec
Threat Hunter Team
The Ransomware Threat Landscape: What to Expect in 2022
AvosLocker BlackCat BlackMatter Conti DarkSide DoppelPaymer Emotet Hive Karma Mespinoza Nemty
Squirrelwaffle VegaLocker WastedLocker Yanluowang Zeppelin 2022-02-23 ⋅ splunk ⋅ Shannon Davis, SURGe
An Empirically Comparative Analysis of Ransomware Binaries
https://malpedia.caad.fkie.fraunhofer.de/details/win.darkside
Page 1 of 8

Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk 2022-02-21 ⋅ Brandefense ⋅
Brandefense
Darkside Ransomware Analysis Report
DarkSide 2022-01-25 ⋅ Nozomi Networks ⋅ Alexey Kleymenov
How to Analyze Malware for Technical Writing
DarkSide 2021-11-04 ⋅ CrowdStrike ⋅ Eric Loui, Josh Reynolds
CARBON SPIDER Embraces Big Game Hunting, Part 2
BlackMatter Griffon BlackMatter DarkSide HiddenTear JSSLoader 2021-11-03 ⋅ Group-IB ⋅ Andrey Zhdanov
The Darker Things BlackMatter and their victims
BlackMatter DarkSide BlackMatter DarkSide 2021-11-01 ⋅ FBI ⋅ FBI
PIN Number 20211101-001: Ransomware Actors Use Significant Financial Events and Stock Valuation to
Facilitate Targeting and Extortion of Victims
DarkSide RansomEXX DarkSide PyXie RansomEXX 2021-10-22 ⋅ HUNT & HACKETT ⋅ Krijn de Mik
Advanced IP Scanner: the preferred scanner in the A(P)T toolbox
Conti DarkSide Dharma Egregor Hades REvil Ryuk 2021-10-22 ⋅ Twitter (@GelosSnake) ⋅ Omri Segev Moyal
Tweet on List of wallets used by Darkside/Blackmatter Operator to split out the money
BlackMatter DarkSide BlackMatter DarkSide 2021-10-22 ⋅ Bleeping Computer ⋅ Ionut Ilascu
DarkSide ransomware rushes to cash out $7 million in Bitcoin
BlackMatter DarkSide BlackMatter DarkSide 2021-10-22 ⋅ The Record ⋅ Catalin Cimpanu
DarkSide ransomware gang moves some of its Bitcoin after REvil got hit by law enforcement
BlackMatter DarkSide BlackMatter DarkSide 2021-10-22 ⋅ Elliptic ⋅ Elliptic Intel
DarkSide bitcoins on the move following government cyberattack against REvil ransomware group
BlackMatter DarkSide BlackMatter DarkSide 2021-10-14 ⋅ YouTube (Uriel Kosayev) ⋅ Uriel Kosayev
DarkSide Ransomware Reverse Engineering
BlackMatter DarkSide BlackMatter DarkSide 2021-10-12 ⋅ CrowdStrike ⋅ CrowdStrike Intelligence Team
ECX: Big Game Hunting on the Rise Following a Notable Reduction in Activity
Babuk BlackMatter DarkSide REvil Avaddon Babuk BlackMatter DarkSide LockBit Mailto REvil 2021-10-05 ⋅
Trend Micro ⋅ Byron Gelera, Fyodor Yarochkin, Janus Agcaoili, Nikko Tamana
Ransomware as a Service: Enabler of Widespread Attacks
Cerber Conti DarkSide Gandcrab Locky Nefilim REvil Ryuk 2021-09-23 ⋅ Blackberry ⋅ The BlackBerry Research &
Intelligence Team
Threat Thursday: BlackMatter RaaS - Darker Than DarkSide?
BlackMatter DarkSide BlackMatter DarkSide 2021-09-14 ⋅ CrowdStrike ⋅ CrowdStrike Intelligence Team
Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack
BlackMatter DarkSide REvil Avaddon BlackMatter Clop Conti CryptoLocker DarkSide DoppelPaymer Hades
REvil 2021-09-02 ⋅ US Department of Health and Human Services ⋅ Health Sector Cybersecurity Coordination Center (HC3)
Demystifying BlackMatter
BlackMatter BlackMatter DarkSide 2021-08-30 ⋅ CrowdStrike ⋅ Eric Loui, Josh Reynolds
CARBON SPIDER Embraces Big Game Hunting, Part 1
Bateleur Griffon Carbanak DarkSide JSSLoader PILLOWMINT REvil 2021-08-15 ⋅ Symantec ⋅ Threat Hunter Team
The Ransomware Threat
Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike
https://malpedia.caad.fkie.fraunhofer.de/details/win.darkside
Page 2 of 8

Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex
MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker 2021-08-06 ⋅ Group-IB ⋅ Andrey Zhdanov
It's alive! The story behind the BlackMatter ransomware strain
BlackMatter DarkSide BlackMatter DarkSide 2021-08-06 ⋅ ⋅ metabaseq ⋅ Jesus Dominguez, Miguel Gonzalez
Inside DarkSide, the ransomware that attacked Colonial Pipeline
DarkSide 2021-08-05 ⋅ Symantec ⋅ Threat Hunter Team
Attacks Against Critical Infrastructure: A Global Concern
BlackEnergy DarkSide DistTrack Stuxnet 2021-08-05 ⋅ cyble ⋅ Cyble
BlackMatter Under the Lens: An Emerging Ransomware Group Looking for Affiliates
DarkSide 2021-08-05 ⋅ KrebsOnSecurity ⋅ Brian Krebs
Ransomware Gangs and the Name Game Distraction
DarkSide RansomEXX Babuk Cerber Conti DarkSide DoppelPaymer Egregor FriedEx Gandcrab Hermes Maze
RansomEXX REvil Ryuk Sekhmet 2021-08-04 ⋅ Recorded Future ⋅ Insikt Group®
Protect Against BlackMatter Ransomware Before It’s Offered
BlackMatter DarkSide 2021-08-03 ⋅ Twitter (@sisoma2) ⋅ sisoma2
Python script for recovering the hashes hardcoded in different samples of the BlackMatter ransomware
DarkSide 2021-08-03 ⋅ Twitter (@ValthekOn) ⋅ Valthek
Tweet on blacklisted extensions & names of BlackMatter ransomware making the check against custom hashes
values
DarkSide 2021-08-03 ⋅ Twitter (@sysopfb) ⋅ Jason Reaves
Tweet on python script to decode the blob from Blackmatter ransomware
DarkSide 2021-08-02 ⋅ The Record ⋅ Dmitry Smilyanets
An interview with BlackMatter: A new ransomware group that’s learning from the mistakes of DarkSide and
REvil
DarkSide LockBit REvil 2021-08-01 ⋅ ⋅ ID Ransomware ⋅ Andrew Ivanov
BlackMatter Ransomware
DarkSide 2021-07-31 ⋅ Bleeping Computer ⋅ Lawrence Abrams
BlackMatter ransomware gang rises from the ashes of DarkSide, REvil
DarkSide REvil 2021-07-31 ⋅ Bleeping Computer ⋅ Lawrence Abrams
DarkSide ransomware gang returns as new BlackMatter operation
DarkSide 2021-07-27 ⋅ Recorded Future ⋅ Insikt Group®
BlackMatter Ransomware Emerges As Successor to DarkSide, REvil
DarkSide LockBit REvil 2021-07-27 ⋅ ZAYOTEM ⋅ Halil Filik
DarkSide Ransomware Technical Analysis Report
DarkSide 2021-07-13 ⋅ Threat Post ⋅ Becky Bracken
Guess Fashion Brand Deals With Data Loss After Ransomware Attack
DarkSide 2021-07-08 ⋅ CISA ⋅ US-CERT
Malware Analysis Report (AR21-189A): DarkSide Ransomware
DarkSide 2021-07-03 ⋅ Bleeping Computer ⋅ Sergiu Gatlan
US chemical distributor shares info on DarkSide ransomware data theft
DarkSide 2021-06-22 ⋅ Maltego ⋅ Intel 471, Maltego Team
Chasing DarkSide Affiliates: Identifying Threat Actors Connected to Darkside Ransomware Using Maltego &
https://malpedia.caad.fkie.fraunhofer.de/details/win.darkside
Page 3 of 8

Intel 471
DarkSide DarkSide 2021-06-16 ⋅ Mandiant ⋅ Jared Wilson, Jordan Nuce, Justin Moore, Mike Hunhoff, Nick Harbour, Robert Dean,
Tyler McLellan
Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise
DarkSide Cobalt Strike DarkSide SMOKEDHAM UNC2465 2021-06-14 ⋅ CYBER GEEKS All Things Infosec ⋅
CyberMasterV
A Step-by-Step Analysis of a New Version of DarkSide Ransomware
DarkSide 2021-06-13 ⋅ SecJuice ⋅ Secprentice
Blue Team Detection: DarkSide Ransomware
DarkSide 2021-06-10 ⋅ McAfee ⋅ ATR Operational Intelligence Team
Are Virtual Machines the New Gold for Cyber Criminals?
Babuk DarkSide 2021-06-04 ⋅ DeepInstinct ⋅ Bar Block
The Ransomware Conundrum – A Look into DarkSide
DarkSide 2021-06-03 ⋅ Medium s2wlab ⋅ Denise Dasom Kim, Hyunmin Suh, Jungyeon Lim, YH Jeong
W1 Jun | EN | Story of the week: Ransomware on the Darkweb
DarkSide Babuk DarkSide 2021-06-02 ⋅ CrowdStrike ⋅ Heather Smith, Josh Dalman
Under Attack: Protecting Against Conti, DarkSide, REvil and Other Ransomware
DarkSide Conti DarkSide REvil 2021-05-24 ⋅ MIT Technology Review ⋅ Daniel Golden, Renee Dudley
The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms
DarkSide DarkSide 2021-05-21 ⋅ 360 Total Security ⋅ kate
DarkSide’s Targeted Ransomware Analysis Report for Critical U.S. Infrastructure
DarkSide 2021-05-21 ⋅ Bleeping Computer ⋅ Ionut Ilascu
DarkSide affiliates claim gang's bitcoins in deposit on hacker forum
DarkSide 2021-05-20 ⋅ RiskIQ ⋅ Jennifer Grob
Analysis of Infrastructure used by DarkSide Affiliates
DarkSide 2021-05-20 ⋅ Digital Shadows ⋅ Stefano De Blasi
Ransomware-as-a-Service, Rogue Affiliates, and What’s Next
DarkSide DarkSide REvil 2021-05-19 ⋅ The Wall Street Journal ⋅ Collin Eaton
Colonial Pipeline CEO Tells Why He Paid Hackers a $4.4 Million Ransom
DarkSide DarkSide 2021-05-19 ⋅ Nozomi Networks ⋅ Alexey Kleymenov
Colonial Pipeline Ransomware Attack: Revealing How DarkSide Works
DarkSide 2021-05-18 ⋅ Elliptic ⋅ Tom Robinson
DarkSide Ransomware has Netted Over $90 million in Bitcoin
DarkSide DarkSide 2021-05-18 ⋅ The Record ⋅ Catalin Cimpanu
Darkside gang estimated to have made over $90 million from ransomware attacks
DarkSide DarkSide Mailto Maze REvil Ryuk 2021-05-18 ⋅ Bleeping Computer ⋅ Ionut Ilascu
DarkSide ransomware made $90 million in just nine months
DarkSide DarkSide Egregor Gandcrab Mailto Maze REvil Ryuk 2021-05-18 ⋅ KEYSIGHT TECHNOLOGIES ⋅ Radu
Emanuel Chiscariu
DarkSide Ransomware Behavior and Techniques
DarkSide 2021-05-18 ⋅ CrowdStrike ⋅ Karan Sood, Liviu Arsene, Shaun Hurley
DarkSide Goes Dark: How CrowdStrike Falcon Customers Were Protected
https://malpedia.caad.fkie.fraunhofer.de/details/win.darkside
Page 4 of 8

DarkSide DarkSide 2021-05-17 ⋅ Gigamon ⋅ Joe Slowik
Tracking DarkSide and Ransomware: The Network View
DarkSide DarkSide 2021-05-17 ⋅ splunk ⋅ Splunk Threat Research Team
DarkSide Ransomware: Splunk Threat Update and Detections
DarkSide 2021-05-17 ⋅ Fortinet ⋅ Fred Gutierrez, Gayathri Thirugnanasambandam, Val Saengphaibul
Newly Discovered Function in DarkSide Ransomware Variant Targets Disk Partitions
DarkSide 2021-05-14 ⋅ Blue Team Blog ⋅ Auth 0r
DarkSide Ransomware Operations – Preventions and Detections.
Cobalt Strike DarkSide 2021-05-14 ⋅ Intel 471 ⋅ Intel 471
The moral underground? Ransomware operators retreat after Colonial Pipeline hack
DarkSide DarkSide 2021-05-14 ⋅ Bleeping Computer ⋅ Lawrence Abrams
DarkSide ransomware servers reportedly seized, REvil restricts targets
DarkSide DarkSide 2021-05-14 ⋅ Advanced Intelligence ⋅ Vitali Kremez
From Dawn to "Silent Night": "DarkSide Ransomware" Initial Attack Vector Evolution
DarkSide 2021-05-14 ⋅ Elliptic ⋅ Dr. Tom Robinson
Elliptic Follows the Bitcoin Ransoms Paid by Colonial Pipeline and Other DarkSide Ransomware Victims
DarkSide DarkSide 2021-05-13 ⋅ Bloomberg ⋅ Jennifer Jacobs, Michael Riley, William Turton
Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom
DarkSide 2021-05-13 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Popular Russian hacking forum XSS bans all ransomware topics
DarkSide DarkSide LockBit REvil 2021-05-13 ⋅ The Record ⋅ Catalin Cimpanu
Popular hacking forum bans ransomware ads
DarkSide DarkSide 2021-05-13 ⋅ Bleeping Computer ⋅ Lawrence Abrams
Chemical distributor pays $4.4 million to DarkSide ransomware
DarkSide DarkSide 2021-05-12 ⋅ Trend Micro ⋅ Trend Micro Research
What We Know About Darkside Ransomware and the US Pipeline Attack
DarkSide 2021-05-12 ⋅ Zero Day ⋅ Kim Zetter
Anatomy of a $2 Million Darkside Ransomware Breach
DarkSide 2021-05-12 ⋅ Palo Alto Networks Unit 42 ⋅ Ramarcus Baylor
DarkSide Ransomware Gang: An Overview
DarkSide 2021-05-12 ⋅ SecurityScorecard ⋅ Ryan Sherstobitoff
New Evidence Supports Assessment that DarkSide Likely Responsible for Colonial Pipeline Ransomware Attack;
Others Targeted
DarkSide DarkSide 2021-05-11 ⋅ KrebsOnSecurity ⋅ Brian Krebs
A Closer Look at the DarkSide Ransomware Gang
DarkSide 2021-05-11 ⋅ CISA ⋅ US-CERT
Alert (AA21-131A) DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware
Attacks
DarkSide 2021-05-11 ⋅ Sophos ⋅ Ferenc László Nagy, Gabor Szappanos, Mark Loman, Peter Mackenzie, Sean Gallagher, Suriya
Natarajan, Szabolcs Lévai, Yusuf Arslan Polat
A defender’s view inside a DarkSide ransomware attack
DarkSide 2021-05-11 ⋅ Dragos ⋅ Mike Hoffman, Tom Winston
https://malpedia.caad.fkie.fraunhofer.de/details/win.darkside
Page 5 of 8

Recommendations Following the Colonial Pipeline Cyber Attack
DarkSide 2021-05-11 ⋅ Flashpoint ⋅ Flashpoint
DarkSide Ransomware Links to REvil Group Difficult to Dismiss
DarkSide REvil 2021-05-11 ⋅ splunk ⋅ James Brodsky
The DarkSide of the Ransomware Pipeline
DarkSide 2021-05-11 ⋅ FireEye ⋅ Alyssa Rahman, Andrew Moore, Brendan McKeague, Jared Wilson, Jeremy Kennelly, Jordan Nuce,
Kimberly Goody
Shining a Light on DARKSIDE Ransomware Operations
Cobalt Strike DarkSide 2021-05-11 ⋅ Mandiant ⋅ Alyssa Rahman, Andrew Moore, Brendan McKeague, Jared Wilson, Jeremy
Kennelly, Jordan Nuce, Kimberly Goody, Matt Williams
Shining a Light on DARKSIDE Ransomware Operations
DarkSide DarkSide UNC2465 2021-05-10 ⋅ SecurityIntelligence ⋅ Limor Kessem
Shedding Light on the DarkSide Ransomware Attack
DarkSide 2021-05-10 ⋅ Intel 471 ⋅ Intel 471
Here’s what we know about DarkSide ransomware
DarkSide 2021-05-10 ⋅ DarkTracer ⋅ DarkTracer
Intelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware
gangs released on the DarkWeb
RansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze
MedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok
RansomEXX REvil Sekhmet SunCrypt ThunderX 2021-05-10 ⋅ SentinelOne ⋅ SentinelOne
Meet DarkSide and Their Ransomware – SentinelOne Customers Protected
DarkSide 2021-05-10 ⋅ ⋅ Anheng Threat Intelligence Center ⋅ Hunting Shadow Lab
Analysis of U.S. Oil Products Pipeline Operators Suspended by Ransomware Attacks
DarkSide 2021-05-08 ⋅ Reuters ⋅ Christopher Bing, Stephanie Kelly
Cyber attack shuts down top U.S. fuel pipeline network
DarkSide 2021-05-06 ⋅ Cyborg Security ⋅ Brandon Denker
Ransomware: Hunting for Inhibiting System Backup or Recovery
Avaddon Conti DarkSide LockBit Mailto Maze Mespinoza Nemty PwndLocker RagnarLocker RansomEXX
REvil Ryuk Snatch ThunderX 2021-05-06 ⋅ Chuongdong blog ⋅ Chuong Dong
Darkside Ransomware
DarkSide 2021-05-06 ⋅ Chuongdong blog ⋅ Chuong Dong
Darkside Ransomware
DarkSide 2021-05-01 ⋅ Twitter (@JAMESWT_MHT) ⋅ JamesWT
Tweet on linux version of DarkSide ransomware
DarkSide DarkSide 2021-04-28 ⋅ ⋅ La Repubblica ⋅ Andrea Greco
Un sospetto attacco telematico blocca le filiali della Bcc di Roma
DarkSide 2021-04-26 ⋅ CoveWare ⋅ CoveWare
Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound
Avaddon Clop Conti DarkSide Egregor LockBit Mailto Phobos REvil Ryuk SunCrypt 2021-04-25 ⋅ Vulnerability.ch
Blog ⋅ Corsin Camichel
Ransomware and Data Leak Site Publication Time Analysis
https://malpedia.caad.fkie.fraunhofer.de/details/win.darkside
Page 6 of 8

Avaddon Babuk Clop Conti DarkSide DoppelPaymer Mespinoza Nefilim REvil 2021-04-22 ⋅ The Record ⋅ Catalin
Cimpanu
Ransomware gang wants to short the stock price of their victims
DarkSide 2021-04-12 ⋅ DataBreaches.net ⋅ Dissent
A chat with DarkSide
DarkSide 2021-04-01 ⋅ Cybereason ⋅ Cybereason Nocturnus
Cybereason vs. DarkSide Ransomware
DarkSide 2021-03-18 ⋅ Varonis ⋅ Snir Ben Shimol
Return of the Darkside: Analysis of a Large-Scale Data Theft Campaign
DarkSide 2021-03-09 ⋅ Youtube (SANS Digital Forensics and Incident Response) ⋅ Eric Loui, Sergei Frankoff
Jackpotting ESXi Servers For Maximum Encryption | Eric Loui & Sergei Frankoff | SANS CTI Summit 2021
DarkSide RansomEXX DarkSide RansomEXX GOLD DUPONT 2021-02-26 ⋅ CrowdStrike ⋅ Eric Loui, Sergei Frankoff
Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to
Maximize Impact
DarkSide RansomEXX Griffon Carbanak Cobalt Strike DarkSide IcedID MimiKatz PyXie RansomEXX REvil
2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike
2021 Global Threat Report
RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide
DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker
Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT
RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST
SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER
SOLAR SPIDER VIKING SPIDER 2021-01-25 ⋅ SOC Prime ⋅ Emanuele De Lucia
Affiliates vs Hunters: Fighting the DarkSide
DarkSide 2021-01-11 ⋅ Bitdefender ⋅ Bitdefender Team
Darkside Ransomware Decryption Tool
DarkSide 2021-01-01 ⋅ Secureworks ⋅ SecureWorks
Threat Profile: GOLD WATERFALL
Cobalt Strike DarkSide GOLD WATERFALL 2021-01-01 ⋅ CrowdStrike ⋅ Eric Loui, Sergei Frankoff
Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to
Maximize Impact
DarkSide RansomEXX DarkSide RansomEXX GOLD DUPONT 2020-12-16 ⋅ Accenture ⋅ Paul Mansfield
Tracking and combatting an evolving danger: Ransomware extortion
DarkSide Egregor Maze Nefilim RagnarLocker REvil Ryuk SunCrypt 2020-12-03 ⋅ Medium GhouLSec ⋅ GhouLSec
[Mal Series #13] Darkside Ransom
DarkSide 2020-11-13 ⋅ Bleeping Computer ⋅ Lawrence Abrams
DarkSide ransomware is creating a secure data leak service in Iran
DarkSide 2020-11-12 ⋅ databreachtoday ⋅ Mathew J. Schwartz
Darkside Ransomware Gang Launches Affiliate Program
DarkSide 2020-10-23 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab
Leakware-Ransomware-Hybrid Attacks
Avaddon Clop Conti DarkSide DoppelPaymer Mailto Maze Mespinoza Nefilim RagnarLocker REvil Sekhmet
https://malpedia.caad.fkie.fraunhofer.de/details/win.darkside
Page 7 of 8

SunCrypt 2020-10-05 ⋅ Zawadi Done ⋅ Zawadi Done
DarkSide ransomware analysis
DarkSide 2020-09-22 ⋅ Digital Shadows ⋅ Stefano De Blasi
DarkSide: The New Ransomware Group Behind Highly Targeted Attacks
DarkSide 2020-08-25 ⋅ KELA ⋅ Victoria Kivilevich
How Ransomware Gangs Find New Monetization Schemes and Evolve in Marketing
Avaddon Clop DarkSide DoppelPaymer Mailto Maze MedusaLocker Mespinoza Nefilim RagnarLocker REvil
Sekhmet 2020-08-10 ⋅ ID Ransomware ⋅ Andrew Ivanov
DarkSide Ransomware
DarkSide 2020-08-01 ⋅ Acronis ⋅ Acronis Security
DarkSide Ransomware Does Not Attack Hospitals, Schools and Governments
DarkSide 2020-05-28 ⋅ CrowdStrike ⋅ The Crowdstrike Intel Team
DarkSide Pipeline Attack Shakes Up the Ransomware-as-a-Service Landscape
DarkSide DarkSide
[TLP:WHITE] win_darkside_auto (20251219 | Detects win.darkside.)
Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.darkside
https://malpedia.caad.fkie.fraunhofer.de/details/win.darkside
Page 8 of 8