
Egregor

According to Heimdal, an Egregor ransomware infection begins with a loader, which then enables the Remote Desktop Protocol in the victim's firewall. From there the malware moves freely through the victim's network, identifying and disabling all the antivirus software it can find. The final step is the encryption of the data and the placement of a ransom note named "RECOVER-FILES.txt" in every compromised folder.

C2 Infrastructure

Breakdown by host type (last 7 days, as of Jun 5, 2026; 142 C2 hosts observed):

ISP/Residential: 87%
Hosting/VPS: 12%
Unknown: 1%

Further Reading

analyst1.com
areteir.com
assets.documentcloud.org
blog.bushidotoken.net
blog.chainalysis.com
blog.emsisoft.com
blog.malwarebytes.com
blog.minerva-labs.com
blog.talosintelligence.com
cisoclub.ru
docs.google.com
go.crowdstrike.com
go.recordedfuture.com
id-ransomware.blogspot.com
intel471.com
ke-la.com
krebsonsecurity.com
labs.sentinelone.com
news.sophos.com
public.intel471.com
securelist.com
securityaffairs.co
securityboulevard.com
securityintelligence.com
ssu.gov.ua
symantec.broadcom.com
therecord.media
twitter.com
unit42.paloaltonetworks.com
web.archive.org
accenture.com
appgate.com
bleepingcomputer.com
cert.ssi.gouv.fr
coveware.com
cronup.com
crowdstrike.com
cybereason.com
domaintools.com
fireeye.com
group-ib.com
hornetsecurity.com
huntandhackett.com
intrinsec.com
justice.gov
morphisec.com
proofpoint.com
trendmicro.com
zdnet.com