Threat Actor Profile
Medium Cybercriminal
Description

LV ransomware group main message: "Here are companies which didn't meet consumer data protection obligations. They rejected to fix their mistakes, they rejected to protect this data in the case when they could and had to ptotect it. These companies prefered to sell their private information, their employees' and customers' personal data". Security researchers claim that the LV group is utilizing the REvil ransomware group malware. The LV group claim to have compromised the corporate network of Groupe Reorev.

Confidence Score
100%
Tags
ransomware ransomware.live
First Seen

Unknown

Last Updated

Unknown

Active Status
Active
Created

April 29, 2026

Indicators of Compromise

Loading IOCs…

IOC KQL for Sentinel
STIX Data 
{'added_date': None,
 'client': '2003264@sit.singaporetech.edu.sg',
 'description': 'LV ransomware group main message: "Here are companies which '
                "didn't meet consumer data protection obligations. They "
                'rejected to fix their mistakes, they rejected to protect this '
                'data in the case when they could and had to ptotect it. These '
                'companies prefered to sell their private information, their '
                'employees\' and customers\' personal data". Security '
                'researchers claim that the LV group is utilizing the REvil '
                'ransomware group malware. The LV group claim to have '
                'compromised the corporate network of Groupe Reorev.\n',
 'firstseen': '2021-11-22T03:41:15.119728+00:00',
 'group': 'lv',
 'has_negotiations': False,
 'has_ransomnote': True,
 'lastseen': '2022-11-27T14:03:27.280258+00:00',
 'locations': [{'available': False,
                'fqdn': 'rbvuetuneohce3ouxjlbxtimyyxokb4btncxjbo44fbgxqy7tskinwad.onion',
                'slug': 'http://rbvuetuneohce3ouxjlbxtimyyxokb4btncxjbo44fbgxqy7tskinwad.onion/api/posts/1',
                'title': '',
                'type': 'DLS'},
               {'available': False,
                'fqdn': '4qbxi3i2oqmyzxsjg4fwe4aly3xkped52gq5orp6efpkeskvchqe27id.onion',
                'slug': 'http://4qbxi3i2oqmyzxsjg4fwe4aly3xkped52gq5orp6efpkeskvchqe27id.onion/',
                'title': 'Start-maximized.com',
                'type': 'DLS'}],
 'negotiation_count': 0,
 'ransomnotes_count': 1,
 'tiaras_metadata': {'has_negotiations': False,
                     'has_ransomnote': True,
                     'locations': [{'available': False,
                                    'fqdn': 'rbvuetuneohce3ouxjlbxtimyyxokb4btncxjbo44fbgxqy7tskinwad.onion',
                                    'slug': 'http://rbvuetuneohce3ouxjlbxtimyyxokb4btncxjbo44fbgxqy7tskinwad.onion/api/posts/1',
                                    'title': '',
                                    'type': 'DLS'},
                                   {'available': False,
                                    'fqdn': '4qbxi3i2oqmyzxsjg4fwe4aly3xkped52gq5orp6efpkeskvchqe27id.onion',
                                    'slug': 'http://4qbxi3i2oqmyzxsjg4fwe4aly3xkped52gq5orp6efpkeskvchqe27id.onion/',
                                    'title': 'Start-maximized.com',
                                    'type': 'DLS'}],
                     'negotiation_count': 0,
                     'ransomnotes_count': 1,
                     'ransomware_live_group': 'lv',
                     'tools': {},
                     'url': 'https://www.ransomware.live/group/lv',
                     'victims': 63,
                     'vulnerabilities': []},
 'tiaras_source': 'ransomware.live',
 'tools': {},
 'ttps': [],
 'url': 'https://www.ransomware.live/group/lv',
 'victims': 63,
 'vulnerabilities': []}
Quick Actions
Back to Threat Actors
Dashboard Home