Operator dossier

0APT is a ransomware operator currently active on public leak sites. This group is newly observed and first observation suggest this is not a serious group, as most - if not all - of the claims cannot be validated and are for random company names. <br/>Analysis of available GitHub repositories and sandbox detonations suggest the actor lists those sandbox runs as victims. <br/>The extracted data should be approached with a high degree of caution.

How we know this. Operator profiles on Darkfield are built from continuous monitoring of every leak site the group is known to operate, cross-correlated with community-curated feeds (RansomLook, ransomware.live, RansomWatch, MISP-galaxy). Status flips from active to inactive when no new disclosure appears for 60 days. MITRE ATT&CK mappings shown in the interactive section below are sourced from CISA, vendor analysis, and the MITRE community catalog — we attribute each technique back to its source. Aliases reflect operator re-brands and affiliate splits.

Active ransomware operator

← All groups

0APT

0 victims indexed

Victims indexed

—

Active period

—

Countries hit

At a glance

Status: active
First seen: —
Last activity: —
Onion sites: 1 known endpoint

About

This group is newly observed and first observation suggest this is not a serious group, as most - if not all - of the claims cannot be validated and are for random company names. <br/>Analysis of available GitHub repositories and sandbox detonations suggest the actor lists those sandbox runs as victims. <br/>The extracted data should be approached with a high degree of caution.

References

1 link

External sources curated by the MISP threat-intel community.

ransomlook.io/group/0apt

Recent victims

Loading…

Onion infrastructure

1 known

http://oaptxiyisljt2kv3we2we34kuudmqda7f2geffoylzpeo7ourhtz4dad.onion

Source

Updated recently

Data on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.