ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > List all tools > List all groups using tool Hades

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Hades

TypeRansomware, Big Game Hunting
Description(Accenture) At this time, it is unclear if the unknown threat group operates under an affiliate model, or if Hades is distributed by a single group. Under an affiliate model, developers’ partner with affiliates who are responsible for various tasks or stages of the operation lifecycle, such as distributing the malware, providing initial access to organizations or even target selection and reconnaissance. However, based on intrusion data from incident response engagements, the operators tailor their tactics and tooling to carefully selected targets and run a more “hands on keyboard” operation to inflict maximum damage and higher payouts.

In addition, we identified similarities in the Hades ransom notes to those that have been used by REvil ransomware operators, where portions of the ransom notes observed contain identical wording. The differentiating factors in the ransom notes are the operators’ contact information and the formatting of the ransom notes. While the ransom notes are similar, we do not have any evidence to suggest the threat groups or operations have any overlap at this time.

Last change to this tool card: 08 August 2021

Download this tool card in JSON format

All groups using tool Hades


APT groups

 Indrik SpiderRussia2014-Dec 2021X

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]