mor3intel logo
mor3intelThreat Intelligence
DashboardVictimsGroupsCountriesStatsATT&CKRulesIOC Lookup
InstagramTelegram
5 Active Threats
Back to Dashboard

8Base

active

Also known as: 8Base Ransomware

8Base is a ransomware group that emerged in 2023 and rapidly grew to become one of the most active threat actors. They use a modified version of Phobos ransomware and target small to medium businesses.

First Seen

2023-03

Last Activity

2025-01

Target Regions

3 regions

Industries

5 sectors

Business ServicesManufacturingConstructionFinanceHealthcare
Attack Chain (MITRE ATT&CK)
Visual representation of the attack phases and techniques used by 8Base

Click on a phase to view details and MITRE ATT&CK technique IDs

Tactics & Techniques
MITRE ATT&CK mapped tactics and techniques used by this threat actor
Technique IDNameTacticDescriptionReference
T1566PhishingInitial AccessMalicious email attachments and linksMITRE
T1486Data Encrypted for ImpactImpactPhobos-derived encryptionMITRE
Indicators of Compromise (IOCs)
Known IOCs associated with 8Base operations
TypeValueDescriptionLast SeenActions
hashd0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e18Base ransomware payload2025-01-16
filenameinfo.txtRansom note—

IOCs are defanged for safety. Click copy to get the clean value.

Detection Guidance
SIEM and EDR detection recommendations for identifying 8Base activity
  • 1
    Monitor for SmokeLoader indicators
  • 2
    Detect SystemBC C2 traffic
  • 3
    Alert on Phobos encryption patterns
  • 4
    Monitor for bulk file modifications
Mitigation, Containment & Recovery
Step-by-step guidance for responding to and recovering from this ransomware attack
  • 1
    Patch SonicWall appliances
  • 2
    Block phishing at gateway
  • 3
    Isolate infected systems
mor3intel logomor3intel

This platform is intended for defensive cybersecurity, incident response, and recovery purposes only. Information provided is for educational and defensive use.

@mor3cod3@mor3cod3
© 2026 mor3intel