Storm-0501

Overview

Storm-0501 is a financially motivated cyber criminal group that uses commodity and open-source tools to conduct ransomware operations. Storm-0501 has been active since 2021 and has previously been affiliated with Sabbath Ransomware and other Ransomware-as-a-Service (RaaS) variants such as Hive, BlackCat, Hunters International, LockBit 3.0, and Embargo ransomware.

Capabilities

  • Destructive / data-wiping operations — ATT&CK T1485
  • Exploitation of public-facing / client applications — ATT&CK T1190

TTPs — 42 techniques across 13 tactics

Resource Development

Initial Access

Execution

Persistence

Stealth

Defense Impairment

Credential Access

Lateral Movement

Collection

Command and Control

Tools & malware (8)

Impacket · Tasklist · Cobalt Strike · Embargo · Rclone · Nltest · Net · AADInternals

Reporting (3)