Threat Actor Profile
Medium
Cybercriminal
Description
Beast is a Ransomware-as-a-service (RaaS) product which provides functionality such as SMB scanning, file encryption, service and process starting and stopping, and geographic identification to avoid encryption in CIS countries.
Confidence Score
Known Aliases
GIGAKICK
Tags
ransomware
ransomware.live
GIGAKICK
First Seen
Unknown
Last Updated
Unknown
Active Status
ActiveCreated
April 29, 2026
Indicators of Compromise
Loading IOCs…
IOC KQL for Sentinel
STIX Data
{'added_date': '2025-07-29',
'client': '2003264@sit.singaporetech.edu.sg',
'description': 'Beast is a Ransomware-as-a-service (RaaS) product which '
'provides functionality such as SMB scanning, file encryption, '
'service and process starting and stopping, and geographic '
'identification to avoid encryption in CIS countries.',
'firstseen': '2023-12-19T19:16:52.658880+00:00',
'group': 'beast',
'has_negotiations': False,
'has_ransomnote': True,
'lastseen': '2026-04-10T00:00:00+00:00',
'locations': [{'available': False,
'fqdn': 'ooie6tet7ggcmlgvtmyvok4s6vha6ecwczssbchbyxrg2r6v2m6zkkad.onion',
'slug': 'http://ooie6tet7ggcmlgvtmyvok4s6vha6ecwczssbchbyxrg2r6v2m6zkkad.onion/',
'title': 'Index of /',
'type': 'Files'},
{'available': False,
'fqdn': 'beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion',
'slug': 'http://beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion',
'title': 'BEAST LEAKS | Index',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 1,
'tiaras_metadata': {'has_negotiations': False,
'has_ransomnote': True,
'locations': [{'available': False,
'fqdn': 'ooie6tet7ggcmlgvtmyvok4s6vha6ecwczssbchbyxrg2r6v2m6zkkad.onion',
'slug': 'http://ooie6tet7ggcmlgvtmyvok4s6vha6ecwczssbchbyxrg2r6v2m6zkkad.onion/',
'title': 'Index of /',
'type': 'Files'},
{'available': False,
'fqdn': 'beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion',
'slug': 'http://beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion',
'title': 'BEAST LEAKS | Index',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 1,
'ransomware_live_group': 'beast',
'tools': {'CredentialTheft': ['Automim',
'LaZagne',
'Mimikatz'],
'DefenseEvasion': [],
'DiscoveryEnum': ['Advanced IP Scanner',
'Advanced Port Scanner',
'Everything.exe',
'SoftPerfect NetScan'],
'Exfiltration': ['MEGA', 'WinSCP'],
'LOLBAS': ['PsExec'],
'Networking': ['Klink', 'OpenSSH'],
'Offsec': [],
'RMM-Tools': ['AnyDesk']},
'url': 'https://www.ransomware.live/group/beast',
'victims': 69,
'vulnerabilities': []},
'tiaras_source': 'ransomware.live',
'tools': {'CredentialTheft': ['Automim', 'LaZagne', 'Mimikatz'],
'DefenseEvasion': [],
'DiscoveryEnum': ['Advanced IP Scanner',
'Advanced Port Scanner',
'Everything.exe',
'SoftPerfect NetScan'],
'Exfiltration': ['MEGA', 'WinSCP'],
'LOLBAS': ['PsExec'],
'Networking': ['Klink', 'OpenSSH'],
'Offsec': [],
'RMM-Tools': ['AnyDesk']},
'ttps': [],
'url': 'https://www.ransomware.live/group/beast',
'victims': 69,
'vulnerabilities': []}