Threat Actor Profile
High
Cybercriminal
Description
A new ransomware group is said to have emerged in mid-April 2024, under the name 'APT73.' It's worth noting that the group reportedly self-proclaimed as an APT, which stands for 'Advanced Persistent Threat' in the cybersecurity field. According to research, much of the available information about the aforementioned group came from another ransomware group known as LockBit. Source: https://github.com/crocodyli/ThreatActors-TTPs
Confidence Score
Known Aliases
bashe
Tags
ransomware
ransomware.live
bashe
First Seen
Unknown
Last Updated
Unknown
Active Status
ActiveCreated
April 29, 2026
Indicators of Compromise
Loading IOCs…
IOC KQL for Sentinel
STIX Data
{'added_date': None,
'client': '2003264@sit.singaporetech.edu.sg',
'description': 'A new ransomware group is said to have emerged in mid-April '
"2024, under the name 'APT73.' It's worth noting that the "
'group reportedly self-proclaimed as an APT, which stands for '
"'Advanced Persistent Threat' in the cybersecurity field.<br> "
'<br> According to research, much of the available information '
'about the aforementioned group came from another ransomware '
'group known as LockBit.<BR>Source: '
'https://github.com/crocodyli/ThreatActors-TTPs',
'firstseen': '2023-11-01T16:14:33.419596+00:00',
'group': 'apt73',
'has_negotiations': False,
'has_ransomnote': False,
'lastseen': '2026-04-27T16:56:40.546278+00:00',
'locations': [{'available': True,
'fqdn': 'bashe4aec32kr6zbifwd5x6xgjsmhg4tbowrbx4pneqhc5mqooyifpid.onion',
'slug': 'http://bashe4aec32kr6zbifwd5x6xgjsmhg4tbowrbx4pneqhc5mqooyifpid.onion',
'title': '',
'type': 'Files'},
{'available': True,
'fqdn': 'basheqtvzqwz4vp6ks5lm2ocq7i6tozqgf6vjcasj4ezmsy4bkpshhyd.onion',
'slug': 'http://basheqtvzqwz4vp6ks5lm2ocq7i6tozqgf6vjcasj4ezmsy4bkpshhyd.onion',
'title': 'BASHE',
'type': 'DLS'},
{'available': True,
'fqdn': 'bashex7mokreyoxl6wlswxl4foi7okgs7or7aergnuiockuoq35yt3ad.onion',
'slug': 'http://bashex7mokreyoxl6wlswxl4foi7okgs7or7aergnuiockuoq35yt3ad.onion',
'title': 'BASHE',
'type': 'DLS'},
{'available': True,
'fqdn': 'bashete63b3gcijfofpw6fmn3rwnmyi5aclp55n6awcfbexivexbhyad.onion',
'slug': 'http://bashete63b3gcijfofpw6fmn3rwnmyi5aclp55n6awcfbexivexbhyad.onion',
'title': 'BASHE',
'type': 'DLS'},
{'available': True,
'fqdn': 'basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion',
'slug': 'http://basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion/',
'title': 'BASHE',
'type': 'DLS'},
{'available': True,
'fqdn': 'basherykagbxoaiaxkgqhmhd5gbmedwb3di4ig3ouovziagosv4n77qd.onion',
'slug': 'http://basherykagbxoaiaxkgqhmhd5gbmedwb3di4ig3ouovziagosv4n77qd.onion',
'title': 'BASHE',
'type': 'DLS'},
{'available': False,
'fqdn': 'apt73grpjgjwykrenq7vnjejue76vosdzptdvmonv7vyqnsyokrw57ad.onion',
'slug': 'http://apt73grpjgjwykrenq7vnjejue76vosdzptdvmonv7vyqnsyokrw57ad.onion',
'title': 'APT73',
'type': 'DLS'},
{'available': False,
'fqdn': 'eraleignews.com',
'slug': 'http://eraleignews.com',
'title': 'APT73',
'type': 'DLS'},
{'available': False,
'fqdn': 'fleqwmg7xnanypt5km2m75l72q7nlcvlp2m4sdmgjxorsn6tb3zyp3qd.onion',
'slug': 'http://fleqwmg7xnanypt5km2m75l72q7nlcvlp2m4sdmgjxorsn6tb3zyp3qd.onion/',
'title': 'APT73',
'type': 'DLS'},
{'available': False,
'fqdn': 'wn6vonooq6fggjdgyocp7bioykmfjket7sbp47cwhgubvowwd7ws5pyd.onion',
'slug': 'http://wn6vonooq6fggjdgyocp7bioykmfjket7sbp47cwhgubvowwd7ws5pyd.onion',
'title': 'APT73',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 0,
'tiaras_metadata': {'has_negotiations': False,
'has_ransomnote': False,
'locations': [{'available': True,
'fqdn': 'bashe4aec32kr6zbifwd5x6xgjsmhg4tbowrbx4pneqhc5mqooyifpid.onion',
'slug': 'http://bashe4aec32kr6zbifwd5x6xgjsmhg4tbowrbx4pneqhc5mqooyifpid.onion',
'title': '',
'type': 'Files'},
{'available': True,
'fqdn': 'basheqtvzqwz4vp6ks5lm2ocq7i6tozqgf6vjcasj4ezmsy4bkpshhyd.onion',
'slug': 'http://basheqtvzqwz4vp6ks5lm2ocq7i6tozqgf6vjcasj4ezmsy4bkpshhyd.onion',
'title': 'BASHE',
'type': 'DLS'},
{'available': True,
'fqdn': 'bashex7mokreyoxl6wlswxl4foi7okgs7or7aergnuiockuoq35yt3ad.onion',
'slug': 'http://bashex7mokreyoxl6wlswxl4foi7okgs7or7aergnuiockuoq35yt3ad.onion',
'title': 'BASHE',
'type': 'DLS'},
{'available': True,
'fqdn': 'bashete63b3gcijfofpw6fmn3rwnmyi5aclp55n6awcfbexivexbhyad.onion',
'slug': 'http://bashete63b3gcijfofpw6fmn3rwnmyi5aclp55n6awcfbexivexbhyad.onion',
'title': 'BASHE',
'type': 'DLS'},
{'available': True,
'fqdn': 'basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion',
'slug': 'http://basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion/',
'title': 'BASHE',
'type': 'DLS'},
{'available': True,
'fqdn': 'basherykagbxoaiaxkgqhmhd5gbmedwb3di4ig3ouovziagosv4n77qd.onion',
'slug': 'http://basherykagbxoaiaxkgqhmhd5gbmedwb3di4ig3ouovziagosv4n77qd.onion',
'title': 'BASHE',
'type': 'DLS'},
{'available': False,
'fqdn': 'apt73grpjgjwykrenq7vnjejue76vosdzptdvmonv7vyqnsyokrw57ad.onion',
'slug': 'http://apt73grpjgjwykrenq7vnjejue76vosdzptdvmonv7vyqnsyokrw57ad.onion',
'title': 'APT73',
'type': 'DLS'},
{'available': False,
'fqdn': 'eraleignews.com',
'slug': 'http://eraleignews.com',
'title': 'APT73',
'type': 'DLS'},
{'available': False,
'fqdn': 'fleqwmg7xnanypt5km2m75l72q7nlcvlp2m4sdmgjxorsn6tb3zyp3qd.onion',
'slug': 'http://fleqwmg7xnanypt5km2m75l72q7nlcvlp2m4sdmgjxorsn6tb3zyp3qd.onion/',
'title': 'APT73',
'type': 'DLS'},
{'available': False,
'fqdn': 'wn6vonooq6fggjdgyocp7bioykmfjket7sbp47cwhgubvowwd7ws5pyd.onion',
'slug': 'http://wn6vonooq6fggjdgyocp7bioykmfjket7sbp47cwhgubvowwd7ws5pyd.onion',
'title': 'APT73',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 0,
'ransomware_live_group': 'apt73',
'tools': {},
'url': 'https://www.ransomware.live/group/apt73',
'victims': 140,
'vulnerabilities': []},
'tiaras_source': 'ransomware.live',
'tools': {},
'ttps': [],
'url': 'https://www.ransomware.live/group/apt73',
'victims': 140,
'vulnerabilities': []}