25/11/2024
CTI
Dissecting 8Base: the anatomy of a cybercriminal threat actor
This report, jointly prepared by the Almond CWATCH and Amossys teams, highlights the connection between 8Base, a group of cybercriminals targeting small companies since 2022, and Phobos, a well-known ransomware used in the wild since 2019 and primarily targeting Windows systems. 8Base was mainly active during the end of 2023, and we recently saw it reappear in October 2024, which prompted us to publish this document.
In this document, you will find a threat profile of the 8Base Threat Actor Group (TAG), followed by a deep forensic analysis of a specific case. Finally, this document presents the results of our reverse engineering study of one variant of this ransomware, using a known Phobos strain.