"...shifted to using ransomware variants such as ... Payload.bin."
Payload.bin
Payload.bin is a ransomware variant associated with the financially motivated cybercrime group GOLD DRAKE, also known as Evil Corp.
Profile source: Mallory opens in a new tabPayload.bin
Family profile
Payload.bin is a ransomware variant associated with the financially motivated cybercrime group GOLD DRAKE, also known as Evil Corp. The provided content states that after U.S. Treasury sanctions in 2019, Evil Corp shifted from earlier ransomware families and began using variants including WastedLocker, Hades, Phoenix CryptoLocker, and Payload.bin. This shift was accompanied by changes in tooling and intrusion tradecraft intended to reduce attribution and make victims less aware they were paying Evil Corp. The content does not provide specific technical details on Payload.bin’s encryption behavior, infection chain, targeted sectors, or unique indicators of compromise, but it places the malware within Evil Corp’s broader post-2019 ransomware operations.
Ransomware.live
Operational record
Reported operators
Threat actors
1 named in public reportingMITRE ATT&CK
Payload.bin in ATT&CK
7 distinct techniquesReporting