Home/ Threat Actors/ 8Base

🌐8Base

🌐 8Base is a tracked threat actor in the Clankerusecase corpus. Attributed to ??. Primary motivation: Criminal. We map 12 detection use cases to this actor across 19 MITRE ATT&CK techniques, with 1 threat-intel article citing them. Active in our corpus from 2026-06-24 to 2026-06-24.

crit 1

View full actor card → All threat actors

12Use cases

1Articles

19Techniques

0IOCs

Known aliases

8Base ransomware8Base

Top techniques

T1027 · Obfuscated Files or Information T1176 · Software Extensions T1204.004 · Malicious Copy and Paste

All other tracked techniques

T1003 · OS Credential Dumping T1003.001 · LSASS Memory T1021.002 · SMB/Windows Admin Shares T1059.001 · PowerShell T1071.001 · Web Protocols T1071.004 · DNS T1204.001 · Malicious Link T1204.002 · Malicious File T1219 · Remote Access Tools T1486 · Data Encrypted for Impact T1539 · Steal Web Session Cookie T1555.003 · Credentials from Web Browsers T1566 · Phishing T1566.002 · Spearphishing Link T1566.004 · Spearphishing Voice T1569.002 · Service Execution

Detection use cases (12)

Beaconing — periodic outbound to small set of destinations Internal Suspicious browser extension installation Internal Infostealer — non-browser process accessing browser cookie/login DBs Internal Microsoft Teams external-tenant chat from unverified IT-helpdesk impersonator Internal RMM tool installed by non-IT user — remote-access utility for hands-on-keyboard Internal Phishing-link click correlated to endpoint execution Internal Fake CAPTCHA / clipboard-injected PowerShell (ClickFix / FakeCaptcha) Internal PowerShell encoded / obfuscated command Internal Ransomware-style mass file rename / extension change Internal LSASS process access / dump (credential theft) Internal Remote service execution — PsExec / SMB lateral movement Internal Article-specific behavioural hunt — Stealthy Mistic backdoor linked to ransomware access broker KongTuke Internal

Threat-intel articles (1)

crit Stealthy Mistic backdoor linked to ransomware access broker KongTuke · 2026-06-24