Active ransomware operator
← All groupsSarcoma
aka Sarcoma Ransomware Group · 150 victims indexed · first seen 2 years ago · last activity 2 months ago
At a glance
- Status
- active
- Aliases
- Sarcoma Ransomware Group
- First seen
- 2 years ago
- Last activity
- 2 months ago
- Onion sites
- 1 known endpoint
- Primary sector
- Not Found · 59 hits
About
References
4 linksExternal sources curated by the MISP threat-intel community.
Timeline
17 monthsTop countries
Top sectors
MITRE ATT&CK
5 techniques · 4 tacticsTactics
Recent victims
Loading…
Onion infrastructure
1 known- http://sarcomawmawlhov7o5mdhz4eszxxlkyaoiyiy2b5iwxnds2dmb4jakad.onion
Source
Updated 2 months agoData on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.
Get alerted the next time Sarcoma posts a victim.
Add Sarcoma to your watchlist — Pro pings you within 5 minutes of any new Sarcoma leak-site post, Telegram callout, or affiliate-rebrand inference.

