Darkbit01

Description

DarkBit is a politically motivated ransomware operation active since February 2023 that targets academic and public sector entities, most notably Israeli institutions such as the Technion. The ransomware is written in Go (Golang), uses AES-256 for encryption, and supports command-line options for customizable deployments. Its behavior includes deleting volume shadow copies and encrypting files, which are renamed with a randomized prefix and the .Darkbit extension. The group deployed its own Tor-based negotiation portal and used Tox messaging for communication. Its messaging contained anti-government rhetoric, suggesting ideological motivations in addition to cyber-extortion objectives.

External Analysis
https://blogs.blackberry.com/en/2023/02/darkbit-ransomware-targets-israel
https://cyberscoop.com/new-cybercrime-group-darkbit-israel/
https://www.sentinelone.com/anthology/darkbit/
https://elastio.com/detectable-ransomware/darkbit/
Tox
AB33BC51AFAC64D98226826E70B483593C81CB22E6A3B504F7A75348C38C862F00042F5245AC
Urls
http://iw6v2p3cruy7tqfup3yl4dgt4pfibfa3ai4zgnu5df2q3hus3lm7c7ad.onion
http://iw6v2p3cruy7tqfup3yl4dgt4pfibfa3ai4zgnu5df2q3hus3lm7c7ad.onion/support/
File servers
Chat servers
Admin servers