Ransomware Group intelligence
Apt73
ActiveTrack Apt73 with 172 published victims and 11 known leak locations in a single intelligence view.
Overview
Apt73 is tracked by Breach House as a ransomware group with 172 published victims.
United States is currently the most targeted country in this dataset.
11 known leak locations are currently associated with this group.
Top Countries
Interactive distribution based on the currently visible victims list.
Known Leak Locations (11)
| Label | Type | Availability | Links |
|---|---|---|---|
| Leak location 1 | Web location | Unknown | eraleignews.com |
| Leak location 2 | Onion service | Unknown | wn6vonooq6fggjdgyocp7bioykmfjket7sbp47cwhgubvowwd7ws5pyd.onion |
| Leak location 3 | Onion service | Unknown | fleqwmg7xnanypt5km2m75l72q7nlcvlp2m4sdmgjxorsn6tb3zyp3qd.onion |
| Leak location 4 | Onion service | Unknown | apt73grpjgjwykrenq7vnjejue76vosdzptdvmonv7vyqnsyokrw57ad.onion |
| Leak location 5 | Onion service | Unknown | bashe4aec32kr6zbifwd5x6xgjsmhg4tbowrbx4pneqhc5mqooyifpid.onion |
| Leak location 6 | Onion service | Unknown | basheqtvzqwz4vp6ks5lm2ocq7i6tozqgf6vjcasj4ezmsy4bkpshhyd.onion |
| Leak location 7 | Onion service | Unknown | basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion |
| Leak location 8 | Onion service | Unknown | basherykagbxoaiaxkgqhmhd5gbmedwb3di4ig3ouovziagosv4n77qd.onion |
| Leak location 9 | Onion service | Unknown | basherykagbxoaiaxkgqhmhd5gbmedwb3di4ig3ouovziagosv4n77qd.onion |
| Leak location 10 | Onion service | Unknown | bashete63b3gcijfofpw6fmn3rwnmyi5aclp55n6awcfbexivexbhyad.onion |
| Leak location 11 | Onion service | Unknown | bashex7mokreyoxl6wlswxl4foi7okgs7or7aergnuiockuoq35yt3ad.onion |
Top Activity Sectors
No sector intelligence available.
Ransom Notes (0)
▼No ransom notes available for this group.
Tools Used
▼No tools used available.
YARA Rules (0)
▼No YARA rules available.
Indicators of Compromise (0)
▼No IoCs available for this group.
Negotiation Chats (0)
▼No negotiation chats available.
Research Sources
No external research sources linked yet.
Victims (172)
Search, filter and paginate the victim timeline for Apt73. Showing 1–100 of 172.
| Type | Target | Discovered | Country | Business Category | Intel Link |
|---|---|---|---|---|---|
| Ransomware | dgcement.com id30288 View details | Algeria | Manufacturing / Engineering | ||
|
DGCement operates in the manufacturing and engineering sector, providing various products and services in Algeria. As a key player in the country's industrial landscape, the company's activities are focused on serving local and regional markets. DGCement was listed as a ransomware victim associated with APT73. |
|||||
| Ransomware | dgcement.com id30288 View details | Algeria | Manufacturing / Engineering | ||
|
dgcement.com — this is the website of D.G. Khan Cement Company Limited (DG Cement), a major cem... |
|||||
| Ransomware | azarestan.com id30286 View details | Iran, Islamic Republic of | Other | ||
|
Azarestan.com is an entity based in Iran, operating in the other sector. The company's specific offerings are not well-documented. Azarestan.com was listed as a ransomware victim associated with apt73 |
|||||
| Ransomware | azarestan.com id30286 View details | Iran, Islamic Republic of | Other | ||
|
azarestan.com (Azarestan Business Development Group) is a holding company based in Iran. Azaresta... |
|||||
| Ransomware | vicentetrapani.com id30283 View details | Argentina | Other | ||
|
Vicentetrapani.com is an entity based in Argentina, operating in the other sector. The entity's specific offerings are not well-documented. Vicentetrapani.com was listed as a ransomware victim associated with apt73. |
|||||
| Ransomware | vicentetrapani.com id30283 View details | Argentina | Other | ||
|
vicentetrapani.com — this is the website of Vicente Trapani S.A., an agro-industrial holding co... |
|||||
| Ransomware | westernint.com id30281 View details | United States | Finance / Legal / Insurance | ||
|
Western International Securities, operating as westernint.com, is a financial services company based in the United States, offering various insurance and financial products. The company operates within the finance, legal, and insurance sectors, providing services to clients across the US. Westernint.com was listed as a ransomware victim associated with apt73 |
|||||
| Ransomware | westernint.com id30281 View details | United States | Finance / Legal / Insurance | ||
|
Western International Group is a large private conglomerate based in Dubai that operates in the r... |
|||||
| Ransomware | aydeniz.com id30243 View details | Türkiye | Transportation / Travel / Logistics | ||
|
Aydeniz.com is a Turkish company operating in the transportation and logistics sector, providing services in Turkey. The company's offerings likely include freight forwarding, cargo handling, and other related services. Aydeniz.com was listed as a ransomware victim associated with apt73 |
|||||
| Ransomware | aydeniz.com id30243 View details | Türkiye | Transportation / Travel / Logistics | ||
|
Aydeniz Group is a family-owned group of companies founded in 1975, operating in several key indu... |
|||||
| Ransomware | flazio.com id30235 View details | Brazil | IT | ||
|
Flazio.com is a Brazilian company operating in the IT sector, providing various services. The company is based in Brazil and offers solutions related to its sector. Flazio.com was listed as a ransomware victim associated with apt73 |
|||||
| Ransomware | flazio.com id30235 View details | Brazil | IT | ||
|
lazio.com — this is a company from Italy. Flazio is a website builder platform that allows use... |
|||||
| Ransomware | holidaypalace.com id30236 View details | Macao | Hospitality / Food & Beverage / Tourism | ||
|
Holidaypalace.com is a company operating in the hospitality sector, specifically in the tourism industry of Macau. It likely offers accommodations and other travel-related services to its customers. The company is part of the food and beverage industry as well, given its presence in the hospitality sector. Holidaypalace.com was listed as a ransomware victim associated with apt73. |
|||||
| Ransomware | holidaypalace.com id30236 View details | Macao | Hospitality / Food & Beverage / Tourism | ||
|
Holiday Palace Hotel in Spain. Guest information, internal documents, reports, photos, videos, an... |
|||||
| Ransomware | ritavo.com id30228 View details | Austria | Retail / E-commerce | ||
|
Ritavo.com operates in the retail and e-commerce sector, offering various products to customers in Austria. As an online retailer, the company provides a platform for customers to purchase goods. Ritavo.com was listed as a ransomware victim associated with apt73. |
|||||
| Ransomware | ritavo.com id30228 View details | Austria | Retail / E-commerce | ||
|
ritavo.com is the website of Rita Võ Group, a private multidisciplinary holding company from Vie... |
|||||
| Ransomware | kliknklik.com id29983 View details | Indonesia | Retail / E-commerce | ||
|
Kliknklik.com is an e-commerce platform operating in Indonesia, offering various products to its customers in the retail sector. As an online retailer, it provides a range of goods and services to the Indonesian market. Kliknklik.com was listed as a ransomware victim associated with apt73 |
|||||
| Ransomware | kliknklik.com id29983 View details | Indonesia | Retail / E-commerce | ||
|
KliknKlik.com — a company from Indonesia, an online retailer and distributor of computer equipm... |
|||||
| Ransomware | gov.br id29984 View details | Brazil | Public Sector | ||
|
gov.br is the official domain of the Brazilian government, providing various public services and information to citizens. The public sector entity is responsible for managing and maintaining government websites, online services, and digital infrastructure in Brazil. gov.br was listed as a ransomware victim associated with apt73 |
|||||
| Ransomware | gov.br id29984 View details | Brazil | Public Sector | ||
|
Gov.br — this is the official state digital platform and domain zone of the Brazilian Federal G... |
|||||
| Ransomware | viennaairport.com id29991 View details | Austria | — | ||
|
Viennaairport.com is the official website of Vienna International Airport, a major airport located in Austria, offering flight information, airport services, and travel guides. The airport serves as a key transportation hub in the country, providing various amenities to passengers. Viennaairport.com was listed as a ransomware victim associated with apt73 |
|||||
| Ransomware | viennaairport.com id29991 View details | Austria | — | ||
|
Vienna Airport (Flughafen Wien AG) is an Austrian company, the operator of Vienna International A... |
|||||
| Ransomware | smarty.arpinet.am id29577 View details | Armenia | IT | ||
|
***.am - it is an online platform for managing real estate data in the Armenian market, provi... |
|||||
| Ransomware | elections.mia.gov.am from WOLVES OF TURAN id29569 View details | Armenia | Public Sector | ||
|
Hello, dear visitors of Bashe's blog. Today, we contacted the Turkish Wolves of Turan group and b... |
|||||
| Ransomware | tkgm.gov.tr id29316 View details | Türkiye | Public Sector | ||
|
TKGM (Tapu ve Kadastro Genel Müdürlüğü) is a government agency from Turkey, the General Dire... |
|||||
| Ransomware | minsa.com.mx id29317 View details | Mexico | Other | ||
|
Minsa is a company from Mexico, one of the largest producers of nixtamalizada (masa harina) corn ... |
|||||
| Ransomware | tvnmedia.com id29309 View details | Poland | Communication / Marketing | ||
|
TVN Media is a multimedia company from Panama, engaged in broadcasting, radio, digital media and ... |
|||||
| Ransomware | grupopetersen.com.ar id29302 View details | Argentina | Manufacturing / Engineering | ||
|
Grupo Petersen is a multidisciplinary financial and industrial group from Argentina, operating in... |
|||||
| Ransomware | narit.or.th id29303 View details | Thailand | Other | ||
|
The National Astronomical Research Institute of Thailand (Thailand's National Astronomical Resear... |
|||||
| Ransomware | alkaloid.com.mk id29305 View details | North Macedonia | Healthcare / Pharma | ||
|
Alkaloid is a pharmaceutical company from Northern Macedonia, founded in Skopje in 1936, producin... |
|||||
| Ransomware | ungererandcompany.com id29299 View details | Germany | Manufacturing / Engineering | ||
|
Ungerer & Company is a privately held company in the flavors and fragrances industry with manufacturing and supply operations serving ingredients, flavors, and fragrances. Its website describes global headquarters in the United States and production and contact locations in North America, Mexico, and the UK, reflecting an international manufacturing and engineering footprint. The company presents itself as a developer and manufacturer focused on quality ingredients and aroma products for commercial use. It was listed as a ransomware victim associated with apt73. |
|||||
| Ransomware | trifecta.com id28519 View details | United States | Retail / E-commerce | ||
|
Information: Trifecta is a trusted advisor for some of the most widely recognized and successful ... |
|||||
| Ransomware | credio.eu id28520 View details | Austria | Finance / Legal / Insurance | ||
|
Czech company Credio. IT consulting, electronic document management. Credits to internal systems.... |
|||||
| Ransomware | servicepower.com id28521 View details | United Kingdom | IT | ||
|
Large software development company Service Power. Great Britain. Documents of internal systems, c... |
|||||
| Ransomware | bigalsfoodservice.co.uk id28522 View details | United Kingdom | Agriculture / Food | ||
|
Our foodservice roots trace all the way back to a butchers shop in Dublin city centre in 1966. Ke... |
|||||
| Ransomware | gannons.co.uk id28523 View details | United Kingdom | Finance / Legal / Insurance | ||
|
Gannons Commercial Law Limited Catherine Gannon, then a tax solicitor at a large US law firm, lo... |
|||||
| Ransomware | pindrophearing.co.uk id28524 View details | United Kingdom | Healthcare / Medicine | ||
|
We’re specialists in the diagnosis and treatment of hearing conditions, but just as important i... |
|||||
| Ransomware | talonsolutions.co.uk id28525 View details | United Kingdom | IT | ||
|
Talon Solutions Ltd was formed by Vince Cluderay in 2002 for the purpose of selling document mana... |
|||||
| Ransomware | northernsafety.com id28526 View details | United States | Retail / E-commerce | ||
|
Northern Safety Co., Inc. operates as a personal safety equipment distributor company. The Compan... |
|||||
| Ransomware | legilog.fr id28527 View details | France | IT | ||
|
Management software for culture, businesses, religion and bishoprics. 10 GBs crm systems / expo... |
|||||
| Ransomware | scopeset.de id28528 View details | Germany | IT | ||
|
We offer support services for all our developed solutions and tools with an emphasize on direct a... |
|||||
| Ransomware | trinitesolutions.com id28529 View details | United States | IT | ||
|
Trinite Solutions was established in 2003. Its mission is to develop, market and implement busine... |
|||||
| Ransomware | assurified.com id28530 View details | United States | Finance / Legal / Insurance | ||
|
Assurified is a U.S.-based proptech and insurance-operations company focused on rental housing, with a platform that helps owners and operators manage total cost of risk (TCOR). Its offering connects source evidence, renewal workflow, claims continuity, resident risk management, and TCOR decisioning in an owner-controlled operating layer. The company also describes white-label tools for agency, brokerage, consulting, and property-management partners serving multifamily and rental-housing programs. Assurified.com was listed as a ransomware victim associated with apt73. |
|||||
| Ransomware | baldinger-ag.ch id28531 View details | Switzerland | Manufacturing / Engineering | ||
|
Since 1970, Baldinger Fahrzeugbau has stood for continuous innovation and the highest quality. We... |
|||||
| Ransomware | lamaisonducitron.com id28532 View details | France | Agriculture / Food | ||
|
Lemon product store. |
|||||
| Ransomware | protectasecurity.pe id28533 View details | Peru | Finance / Legal / Insurance | ||
|
Protecta Security provides insurance, microfinance and financial services. Internal docs, financi... |
|||||
| Ransomware | netromsoftware.ro id28534 View details | Romania | IT | ||
|
Romanian software development company. Export CRM |
|||||
| Ransomware | sella.eng.br id28535 View details | Brazil | Construction / Real Estate | ||
|
mentoring programs for managers. Internal and personal docs. 0.3 GB |
|||||
| Ransomware | polleninformation.at id28536 View details | Austria | Healthcare / Medicine | ||
|
Pollen situation informational site. Personal info + Pass. 22140 lines |
|||||
| Ransomware | sansirostadium.com id28537 View details | Iran, Islamic Republic of | Hospitality / Food & Beverage / Tourism | ||
|
UEFA personal contact data. |
|||||
| Ransomware | siapenet.gov.br id28538 View details | Brazil | Public Sector | ||
|
Today, SIAPE processes the remuneration of civil servants, regulated both by the uniform federal ... |
|||||
| Ransomware | certifiedinfosec.com id28539 View details | United States | Education | ||
|
Certified Information Security is a registered trade name for Certified Tech Trainers (CTT) (D-U-... |
|||||
| Ransomware | aliorbank.pl id28540 View details | Poland | Finance / Legal / Insurance | ||
|
Polish bank. Financial docs, internal docs. 0,06 GB of data. |
|||||
| Ransomware | bms.com id28541 View details | United States | Healthcare / Pharma | ||
|
Pharmaceutical company. personal data - 302 lines |
|||||
| Ransomware | minerasancristobal.com id28542 View details | Mexico | Energy | ||
|
Minerals & Mining. financial docs, internal docs, personal docs. |
|||||
| Ransomware | prixet.com id28543 View details | IT | |||
|
We are a technology company based in Europe and the Caribbean. We are dedicated to data creation ... |
|||||
| Ransomware | hl.co.uk id28544 View details | United Kingdom | Finance / Legal / Insurance | ||
|
The hl.co.uk domain is owned by Hargreaves Lansdown (legal name "Hargreaves Lansdown Asset Manage... |
|||||
| Ransomware | compensatii.gov.md id28545 View details | Moldova, Republic of | Public Sector | ||
|
compensatii.gov.md is the official online government platform of the Republic of Moldova, created... |
|||||
| Ransomware | mahidol.ac.th id28546 View details | Thailand | Education | ||
|
Mahidol University is a major public research university established in Thailand with deep histor... |
|||||
| Ransomware | corahperu.org id28547 View details | Peru | Public Sector | ||
|
corahperu.org is the official website of Proyecto Especial CORAH, a Peruvian government project a... |
|||||
| Ransomware | amtaar.com id28548 View details | United Arab Emirates | Agriculture / Food | ||
|
Amtaar Investment Company. Organization dedicated to transforming desert land into thriving food-... |
|||||
| Ransomware | banak.com id28549 View details | Türkiye | Retail / E-commerce | ||
|
Banak is a Spanish company that sells furniture and home decor. Internal documents, letters, atta... |
|||||
| Ransomware | bankasia-bd.com id28550 View details | Bangladesh | Finance / Legal / Insurance | ||
|
bankasia-bd.com is the official website of Bank Asia PLC, a commercial bank in Bangladesh. Intern... |
|||||
| Ransomware | bg.ac.rs id28551 View details | Serbia | Education | ||
|
University of Belgrade. Internal documents, letters, attachments, financial reports. Total size: ... |
|||||
| Ransomware | novoair-bd.com id28552 View details | Bangladesh | Transportation / Travel / Logistics | ||
|
novoair-bd.com is the website of Novoair, a private airline based in Bangladesh. Internal documen... |
|||||
| Ransomware | seit.cl id28553 View details | Chile | IT | ||
|
seit.cl is the website of SEiT S.p.A., a company providing IT services to businesses in Chile. In... |
|||||
| Ransomware | gedco.ps id28554 View details | Palestine, State of | Energy | ||
|
gedco.ps is the website of the Gaza Electricity Distribution Company (GEDCO), the electricity dis... |
|||||
| Ransomware | haca.ma id28555 View details | Morocco | Public Sector | ||
|
haca.ma is the official website of the High Authority for Audiovisual Communication (HACA). The o... |
|||||
| Ransomware | shj.ae id28556 View details | United Arab Emirates | Public Sector | ||
|
Sharjah Electricity, Water, and Gas Authority (sec.shj.ae) is a government-owned utility in Sharj... |
|||||
| Ransomware | moccae.gov.ae id28557 View details | United Arab Emirates | Public Sector | ||
|
The Ministry of Climate Change and Environment (moccae.gov.ae) is a government ministry in the Un... |
|||||
| Ransomware | vanheyghenstaal.be id28558 View details | Belgium | Manufacturing / Engineering | ||
|
Van Heyghen Staal is a metallurgical company in Belgium, which is engaged in the processing and r... |
|||||
| Ransomware | isosl.be id28559 View details | Belgium | Healthcare / Medicine | ||
|
ISOSL is an engineering company in Belgium, which deals with industrial solutions, automation and... |
|||||
| Ransomware | doghairinc.com id28560 View details | United States | Services | ||
|
Dog Hair INCluded is a small company (online brand) that sells pet accessories and products with ... |
|||||
| Ransomware | dpwh.gov.ph id28561 View details | Philippines | Public Sector | ||
|
Department of Public Works and Highways is a government agency in the Philippines that is respons... |
|||||
| Ransomware | iam.ma id28562 View details | Morocco | Telecommunications | ||
|
Maroc Telecom is a telecommunications company in Morocco that provides mobile communications, Int... |
|||||
| Ransomware | ires.ma id28563 View details | Morocco | Public Sector | ||
|
Institut Royal des Études Stratégiques is a state—owned analytical center in Morocco, which i... |
|||||
| Ransomware | 2m.ma id28564 View details | Morocco | Communication / Marketing | ||
|
2M TV (2m.ma ) is a national television channel in Morocco, which is engaged in television broadc... |
|||||
| Ransomware | centrum.sk id28565 View details | Slovakia | Communication / Marketing | ||
|
Centrum.sk (centrum.sk ) is an online portal in Slovakia that provides an email service, news and... |
|||||
| Ransomware | asunim.co id28566 View details | Colombia | Energy | ||
|
Asunim is a company operating in the field of renewable energy, which is engaged in the developme... |
|||||
| Ransomware | egov.sc id28567 View details | Seychelles | Public Sector | ||
|
eGov Seychelles is a government portal in Seychelles that provides online public services and ele... |
|||||
| Ransomware | phb.com id28568 View details | Germany | Finance / Legal / Insurance | ||
|
PHB Inc. is an industrial company in the United States that manufactures equipment and metal stru... |
|||||
| Ransomware | whessoe.com.my id28569 View details | Malaysia | Manufacturing / Engineering | ||
|
Whessoe Engineering (Malaysia) Sdn Bhd is an engineering company in Malaysia that designs and bui... |
|||||
| Ransomware | olpro.com.my id28570 View details | Malaysia | Manufacturing / Engineering | ||
|
OLPRO Engineering Sdn Bhd is an engineering company in Malaysia that designs and manufactures ind... |
|||||
| Ransomware | ifmis.go.ke id28571 View details | Kenya | Public Sector | ||
|
Integrated Financial Management Information System (IFMIS) is a government system in Kenya that i... |
|||||
| Ransomware | algosaibi-gtb.com id28572 View details | Saudi Arabia | Manufacturing / Engineering | ||
|
Abdulaziz & Saad Almoosaibi & GBT (Al‑Gosaibi GTB) is an industrial company in Saudi Arabia tha... |
|||||
| Ransomware | alx-pc.com id28573 View details | Germany | Education | ||
|
Alexandria Petroleum Company (APC) is a state—owned oil refining company in Egypt that processe... |
|||||
| Ransomware | arrawdah.org.sa id28574 View details | Saudi Arabia | NGOs / Associations | ||
|
Al Rawdah Cooperative Society is a cooperative organization in Saudi Arabia that provides social ... |
|||||
| Ransomware | cofaco.com id28575 View details | Colombia | Agriculture / Food | ||
|
Cofaco Industries S.A.C. is a textile company in Peru, which produces fabrics and tailoring (a fu... |
|||||
| Ransomware | dunav.com id28576 View details | Serbia | Finance / Legal / Insurance | ||
|
Dunav Insurance Company is an insurance company in Serbia that provides insurance for life, prope... |
|||||
| Ransomware | grupo-principal.com id28577 View details | Mexico | Construction / Real Estate | ||
|
Grupo Principal is a distribution company in Mexico that supplies and sells consumer goods (FMCG)... |
|||||
| Ransomware | jgpetrucci.com id28578 View details | United States | Construction / Real Estate | ||
|
J.G. Petrucci Company, Inc. is a real estate development and construction company in the United S... |
|||||
| Ransomware | medikaplaza.com id28579 View details | Pakistan | Healthcare / Medicine | ||
|
Medika Plaza is a healthcare company in Indonesia that provides medical services, corporate medic... |
|||||
| Ransomware | providentgh.com id28580 View details | Ghana | Finance / Legal / Insurance | ||
|
Provident Insurance Limited Company is an insurance company in Ghana that provides insurance (aut... |
|||||
| Ransomware | tni.mil.id id17783 View details | Indonesia | Other | ||
|
DATABASE OF NATIONAL INDONESIAN ARMY | NAMA NRP PANGKAT KORPS GRADE SATUAN JABATAN TGL LAH... |
|||||
| Ransomware | autogedal.ro id17616 View details | Romania | Transportation / Travel | ||
|
AutoGedal, the destination of confidence for passengers of travel, nature and adventure . With a ... |
|||||
| Ransomware | boostheat.com id17231 View details | France | Manufacturing / Engineering | ||
|
Industrial Machinery & Equipment | internal files, docs, employees' info, clients' info |
|||||
| Ransomware | mistralsolutions.com id17174 View details | India | Services | ||
|
Mistral Solutions is a certified technology design and systems engineering company (Embedded Syst... |
|||||
| Ransomware | India car owners id17173 View details | India | Telecommunications | ||
|
Name / Mobile No / Address / Pin Code / City / Submodel / Model / Assettype / Misstatus / Tenor ... |
|||||
| Ransomware | coel.com.mx id17125 View details | Mexico | Communication / Marketing | ||
|
ID,Name,Email,Group,Phone,ZIP,Country,State/Province,"Customer Since","Web Site","Confirmed email... |
|||||
| Ransomware | realtaxcanada.com id17121 View details | Canada | Finance / Legal / Insurance | ||
|
Accounting Services · Canada | clients' data. 5 GB |
|||||