cry0 is identified in the provided content as a ransomware group. The content states that cry0 reportedly sponsored a $10,000 dark web article contest announced on the TierOne forum, with prizes for technical writeups focused on vulnerability exploitation. Eligible topics included advanced offensive security subjects such as remote code execution, command injection, IDOR, SSTI, insecure deserialization, firmware attacks, zero-day discovery, AI-assisted vulnerability research, AV/EDR bypass, and RPC exploitation. The content also references cry0 engaging on the T1erOne forum, a closed underground forum that emerged in early February 2026 after the seizure of RAMP and that openly permits ransomware activity. At the time of writing, the content states that cry0 had not publicly referenced T1erOne on its known communication channels. No additional aliases, sub-groups, victimology, or nation-state attribution are provided in the content.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Reportedly sponsoring a dark web article contest on the TierOne forum focused on vulnerability exploitation and offensive technical research topics.
Referenced as engaging on the gated T1erOne forum in the post-RAMP disruption period, suggesting exploratory or early-stage affiliate/recruitment activity.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.