Groove x RAMP: The relation between Groove, Babuk, Payload.bin, RAMP, and BlackMatter
Hotsauce | S2W TALON
The relation graph of Groove, Babuk, Payload.bin, RAMP, and BlackMatter
- Groove mentioned several cryptocurrency wallet addresses, including BTC, XMR and ETH. Those addresses are the same as RAMP’s addresses mentioned on their leak site.
- Groove used the same file server as BlackMatter and Babuk.
- The operator of RAMP was linked to the operator of Babuk and Payload.bin.
Groove’s BTC, XMR and ETH == RAMP
- BTC: 1EZhsp26j4ZfDfKyXpweUtGgrs3fnpPCEd
- ETH: 0xF6a4906fA254ce0e9175E2C3418Dde999b99ed1F
- XMR: 47GyLQAPw4Ee3WVTgCtSxwNcRinsEm3jdSX8FH4DLbjb5t79CJDxrK9gMNVJNDfCLEjhdJZyWCPBG5CkiTnGqMvnPgKTTV3
- In this post, we noted that Groove and RAMP use the same cryptocurrency wallet addresses, which were mentioned on their leak sites.
- It is highly probable that the operators of RAMP, Groove and BlackMatter are the same person or the same group.
- We need to keep monitoring their activities to track the cryptocurrency wallet addresses mentioned by these ransomware groups.
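The wallet comparison described above can be automated across any number of monitored sources. The following is an added example, not code from the original post or from S2W: it extracts BTC, ETH and XMR addresses from page text and reports those that appear on two or more sources. The page texts, source labels and function names are constructed for illustration; only the three addresses come from this post.

```python
import re
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
PATTERNS = {
    "BTC": re.compile(r"\b[13][%s]{25,34}\b" % B58),  # legacy Base58 addresses only
    "ETH": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    "XMR": re.compile(r"\b[48][%s]{94}\b" % B58),     # standard 95-character address
}

def extract_wallets(text):
    """Return the set of (coin, address) pairs found in text."""
    found = set()
    for coin, rx in PATTERNS.items():
        for addr in rx.findall(text):
            # ETH hex is case-insensitive (mixed case is only a checksum hint),
            # so lowercase it; Base58 addresses are case-sensitive and kept as-is.
            found.add((coin, addr.lower() if coin == "ETH" else addr))
    return found

def shared_wallets(pages):
    """Map each wallet seen on two or more sources to the sorted source names."""
    seen = defaultdict(set)
    for source, text in pages.items():
        for wallet in extract_wallets(text):
            seen[wallet].add(source)
    return {w: sorted(s) for w, s in seen.items() if len(s) > 1}

BTC = "1EZhsp26j4ZfDfKyXpweUtGgrs3fnpPCEd"
ETH = "0xF6a4906fA254ce0e9175E2C3418Dde999b99ed1F"
XMR = ("47GyLQAPw4Ee3WVTgCtSxwNcRinsEm3jdSX8FH4DLbjb5t79CJDxrK9gMNVJ"
       "NDfCLEjhdJZyWCPBG5CkiTnGqMvnPgKTTV3")

# Constructed page text standing in for scraped leak-site content.
PAGES = {
    "groove": f"BTC: {BTC}\nETH: {ETH}\nXMR: {XMR}",
    "ramp": f"btc {BTC} | eth {ETH.lower()} | xmr {XMR}",
    "unrelated": "Contact us via the form. No payment details listed.",
}

if __name__ == "__main__":
    for (coin, addr), sources in sorted(shared_wallets(PAGES).items()):
        print(f"{coin} {addr} seen on: {', '.join(sources)}")
```

The BTC pattern covers only legacy addresses beginning with 1 or 3, so Bech32 (`bc1...`) addresses would need an additional pattern.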