Threat Actor Profile
Medium
Cybercriminal
Description
This malware, written in C#, is a variant of the Thanos ransomware family. It emerged in October 2021 and is obfuscated using SmartAssembly. In 2022, ThreatLabz analysed a report of Midas ransomware being slowly deployed over a two-month period (Zscaler). This ransomware also features its own data leak site as part of its double extortion strategy.
Confidence Score
Tags
ransomware
ransomware.live
First Seen
Unknown
Last Updated
Unknown
Active Status
Active
Created
April 29, 2026
Indicators of Compromise
IOC KQL for Sentinel
STIX Data
{'added_date': None,
'client': '2003264@sit.singaporetech.edu.sg',
'description': 'This malware written in C# is a variant of the Thanos '
'ransomware family and emerged in October 2021 and is '
'obfuscated using SmartAssembly. In 2022, ThreatLabz analysed '
'a report of Midas ransomware was slowly deployed over a two '
'month period (ZScaler). This ransomware features also its own '
'data leak site as part of its double extortion strategy.\n',
'firstseen': '2021-11-29T00:29:03.379199+00:00',
'group': 'midas',
'has_negotiations': False,
'has_ransomnote': False,
'lastseen': '2022-04-14T23:25:05.809224+00:00',
'locations': [{'available': False,
'fqdn': 'midasbkic5eyfox4dhnijkzc7v7e4hpmsb2qgux7diqbpna4up4rtdad.onion',
'slug': 'http://midasbkic5eyfox4dhnijkzc7v7e4hpmsb2qgux7diqbpna4up4rtdad.onion/blog.php',
'title': 'Info',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 0,
'tiaras_metadata': {'has_negotiations': False,
'has_ransomnote': False,
'locations': [{'available': False,
'fqdn': 'midasbkic5eyfox4dhnijkzc7v7e4hpmsb2qgux7diqbpna4up4rtdad.onion',
'slug': 'http://midasbkic5eyfox4dhnijkzc7v7e4hpmsb2qgux7diqbpna4up4rtdad.onion/blog.php',
'title': 'Info',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 0,
'ransomware_live_group': 'midas',
'tools': {},
'url': 'https://www.ransomware.live/group/midas',
'victims': 44,
'vulnerabilities': []},
'tiaras_source': 'ransomware.live',
'tools': {},
'ttps': [],
'url': 'https://www.ransomware.live/group/midas',
'victims': 44,
'vulnerabilities': []}