DarkVault is a ransomware threat actor referenced in Dragos’s Q1 2025 ransomware threat landscape reporting. In the provided content, DarkVault is only mentioned briefly as accounting for 1 incident (“DarkVault… Each accounted for 1 incident”). No additional high-confidence details are provided in the source regarding its targets, tactics, techniques, geographic focus, affiliations, sub-groups, or attribution to a nation state. Known alias in the provided content: darkvault.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.