Threat Actor Profile
Description
The Everest ransom group collects and analyzes information about its victims. It specializes in customer privacy data, financial information, databases, credit card information, and more. The group leaks victims' data to the darknet and has announced that any victim who does not contact it will suffer a data leak, and that it will not delete the files, keeping them for future usage.
Confidence Score
Tags
First Seen
Unknown
Last Updated
Unknown
Active Status
Active
Created
April 29, 2026
Indicators of Compromise
IOC KQL for Sentinel
STIX Data
{'added_date': None,
'client': '2003264@sit.singaporetech.edu.sg',
'description': 'Everest ransom group collects and analyzes information about '
'their victims. They specialize in customer privacy data, '
'financial information, databases, credit card information, '
"and more. The Everest ransom group leaks the victim's data to "
'the darknet and they announced that any victim that will not '
'contact them will suffer from a data leak and they will not '
'delete hist files for future usage.',
'firstseen': '2021-09-09T23:46:55.460174+00:00',
'group': 'everest',
'has_negotiations': False,
'has_ransomnote': False,
'lastseen': '2026-04-28T22:51:38.733597+00:00',
'locations': [{'available': True,
'fqdn': 'ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion',
'slug': 'http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/',
'title': '',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 0,
'tiaras_metadata': {'has_negotiations': False,
'has_ransomnote': False,
'locations': [{'available': True,
'fqdn': 'ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion',
'slug': 'http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/',
'title': '',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 0,
'ransomware_live_group': 'everest',
'tools': {'CredentialTheft': ['ProcDump'],
'DefenseEvasion': [],
'DiscoveryEnum': ['SoftPerfect NetScan'],
'Exfiltration': [],
'LOLBAS': [],
'Networking': [],
'Offsec': ['Cobalt Strike',
'Metasploit',
'Meterpreter'],
'RMM-Tools': ['AnyDesk', 'Atera', 'Splashtop']},
'url': 'https://www.ransomware.live/group/everest',
'victims': 348,
'vulnerabilities': []},
'tiaras_source': 'ransomware.live',
'tools': {'CredentialTheft': ['ProcDump'],
'DefenseEvasion': [],
'DiscoveryEnum': ['SoftPerfect NetScan'],
'Exfiltration': [],
'LOLBAS': [],
'Networking': [],
'Offsec': ['Cobalt Strike', 'Metasploit', 'Meterpreter'],
'RMM-Tools': ['AnyDesk', 'Atera', 'Splashtop']},
'ttps': [],
'url': 'https://www.ransomware.live/group/everest',
'victims': 348,
'vulnerabilities': []}