🔬 Incident Analysis

Affiliate portal: A .onion-hosted web application for affiliate recruitment, build customisation, and payment tracking
Victim portal: A negotiation site accessible to victims for proof-of-decryption and ransom payment
Data leak site: Public-facing Tor site for shaming non-paying victims
Builder: A customisable payload generator producing affiliate-specific encryptors

Deep technical write-ups on past cybersecurity incidents — TTPs, IoCs, MITRE ATT&CK mappings, and defensive recommendations.