Threat Actor Profile
Medium
Cybercriminal
Confidence Score
Tags
ransomware
ransomware.live
First Seen
Unknown
Last Updated
Unknown
Active Status
Active
Created
April 29, 2026
MITRE ATT&CK Techniques (4)
Indicators of Compromise
IOC KQL for Sentinel
STIX Data
{'added_date': None,
 'client': '2003264@sit.singaporetech.edu.sg',
 'description': None,
 'firstseen': '2024-01-24T14:43:03.761845+00:00',
 'group': 'alphalocker',
 'has_negotiations': False,
 'has_ransomnote': False,
 'lastseen': '2026-02-28T17:27:48.536383+00:00',
 'locations': [{'available': True,
                'fqdn': 'mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id.onion',
                'slug': 'http://mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id.onion/blog_1',
                'title': 'Blog',
                'type': 'DLS'}],
 'negotiation_count': 0,
 'ransomnotes_count': 0,
 'tiaras_metadata': {'has_negotiations': False,
                     'has_ransomnote': False,
                     'locations': [{'available': True,
                                    'fqdn': 'mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id.onion',
                                    'slug': 'http://mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id.onion/blog_1',
                                    'title': 'Blog',
                                    'type': 'DLS'}],
                     'negotiation_count': 0,
                     'ransomnotes_count': 0,
                     'ransomware_live_group': 'alphalocker',
                     'tools': {},
                     'url': 'https://www.ransomware.live/group/alphalocker',
                     'victims': 31,
                     'vulnerabilities': []},
 'tiaras_source': 'ransomware.live',
 'tools': {},
 'ttps': [{'tactic_id': 'TA0001',
           'tactic_name': 'Initial Access',
           'techniques': [{'technique_details': 'Use of phishing emails to '
                                                'compromise the target system, '
                                                'typically containing '
                                                'malicious attachments or '
                                                'links.',
                           'technique_id': 'T1566',
                           'technique_name': 'Phishing'},
                          {'technique_details': 'Exploitation of '
                                                'vulnerabilities in '
                                                'public-facing applications '
                                                'and lack of software '
                                                'maintenance or patching as an '
                                                'entry vector.',
                           'technique_id': 'T1190',
                           'technique_name': 'Exploit Public-Facing '
                                             'Application'}]},
          {'tactic_id': 'TA0010',
           'tactic_name': 'Exfiltration',
           'techniques': [{'technique_details': 'The group employs a double '
                                                'extortion tactic, '
                                                'exfiltrating data '
                                                'automatically and/or via web '
                                                'services before encryption, '
                                                'threatening to leak the data '
                                                'if ransom is not paid.',
                           'technique_id': 'T1020',
                           'technique_name': 'Automated Exfiltration; '
                                             'Exfiltration Over Web Service'}]},
          {'tactic_id': 'TA0040',
           'tactic_name': 'Impact',
           'techniques': [{'technique_details': 'Core ransomware action where '
                                                'victim files are encrypted '
                                                'for extortion purposes.',
                           'technique_id': 'T1486',
                           'technique_name': 'Data Encrypted for Impact'}]}],
 'url': 'https://www.ransomware.live/group/alphalocker',
 'victims': 31,
 'vulnerabilities': []}