Clankerusecase
Threat-actor profile
 ← Back to main site
Home/ Threat Actors/ Hellcat

🌐Hellcat

🌐 Hellcat is a tracked threat actor in the Clankerusecase corpus. Attributed to ??. Primary motivation: Criminal. We map 12 detection use cases to this actor across 29 MITRE ATT&CK techniques, with 1 threat-intel article citing them. Active in our corpus from 2026-06-24 to 2026-06-24.

crit 1
View full actor card → All threat actors
12Use cases
1Articles
29Techniques
12IOCs

Known aliases

Hellcat ransomwareHellcat

Top techniques

T1021.001 · Remote Desktop ProtocolT1027 · Obfuscated Files or InformationT1053.005 · Scheduled Task

All other tracked techniques

T1003 · OS Credential DumpingT1003.001 · LSASS MemoryT1021.002 · SMB/Windows Admin SharesT1059.001 · PowerShellT1059.003 · Windows Command ShellT1059.005 · Visual BasicT1071 · Application Layer ProtocolT1071.001 · Web ProtocolsT1071.004 · DNST1098.001 · Additional Cloud CredentialsT1176 · Software ExtensionsT1204.001 · Malicious LinkT1204.002 · Malicious FileT1204.004 · Malicious Copy and PasteT1218 · System Binary Proxy ExecutionT1218.011 · Rundll32T1219 · Remote Access ToolsT1486 · Data Encrypted for ImpactT1528 · Steal Application Access TokenT1539 · Steal Web Session CookieT1547.001 · Registry Run Keys / Startup FolderT1555.003 · Credentials from Web BrowsersT1566 · PhishingT1566.001 · Spearphishing AttachmentT1566.002 · Spearphishing LinkT1569.002 · Service Execution

Detection use cases (12)

Beaconing — periodic outbound to small set of destinations Internal Network connections to article IPs / domains Internal Suspicious browser extension installation Internal Infostealer — non-browser process accessing browser cookie/login DBs Internal Phishing-link click correlated to endpoint execution Internal Email attachment opened from external sender Internal Office app spawning script/LOLBin child process Internal Remote service execution — PsExec / SMB lateral movement Internal OAuth consent / suspicious app grant Internal Scheduled task created with suspicious image / encoded args Internal Fake CAPTCHA / clipboard-injected PowerShell (ClickFix / FakeCaptcha) Internal PowerShell encoded / obfuscated command Internal

Threat-intel articles (1)

crit Amadey, StealC malware operations disrupted in Operation Endgame action · 2026-06-24

Tracked indicators

Domains (12)

bartsen284.online bluescry.com cdntestconnect.com goodpanelforgoodjob.com microsoft-telemetry.at neltron-geltron.shop polse.us rebustan.top roger99699.xyz secure.controlpanel.asia spasopro.at svclsc.com