Phobos Ransomware: Analysing associated infrastructure used by 8Base

Released on 2024-03-06 @ 09:11:13 PM

This report provides an analysis of infrastructure associated with the 8Base ransomware group, which utilizes the Phobos ransomware. The group has been highly active since mid-2023, targeting a broad range of sectors and encrypting files with a .8base extension. The report details 45 domains, 22 IP addresses, and 50 malicious file samples linked to 8Base operations. Most of this infrastructure remains undetected, with low VirusTotal detection rates. There was a spike in submissions to VirusTotal in February 2024, likely following a CISA advisory warning about 8Base. The report concludes that this infrastructure remains active and should be monitored for changes that could enable proactive threat detection.