Also known as: BravoX, Bravo-X, BX Group, UNC-BravoX
Profile generated with AI assistance — review before citing.
Exploit Public-Facing Application
Exploit vulnerabilities in internet-facing applications to gain access.
Valid Accounts
Use legitimate credentials to authenticate and gain access.
External Remote Services
Abuse remote services like VPNs or RDP to gain access to the network.
Spearphishing Attachment
Send targeted emails with malicious file attachments to gain initial access.
Spearphishing Link
Send targeted emails with malicious links to credential harvesting or exploit pages.
Legitimate tool used by BravoX.
Malware used by BravoX.
| Domain / Host | Description | Status |
|---|---|---|
| bravox-leaks[.]onion | BravoX data leak site (Tor onion service) | unknown |
| bravox-support[.]onion | BravoX victim negotiation portal (Tor onion service) | unknown |
| hxxps | Ransom note payment instruction URL template | unknown |
| bravoxxtrmqeeevhl7gdh2yzvlrjxajr66d33c7ozosrccx4cz7cepad[.]onion | | unknown |
| bravoxxwcfz5qk43ychgveprpd5mw5hvxfs4a2uz2okx7mumiht4fzyd[.]onion | | unknown |
Infrastructure data reflects monitoring status only — no raw fingerprint data is exposed.