[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fD2aCjQd9dktmWriouq51ZTwSYFuDgkD5m3CDnds0LB4":3},{"article":4,"iocs":38},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":21,"category":22,"article_tags":25},"6c6b1cbb-82f9-4d7e-873b-b1a884221e7b","‼️ New Ransomware Group and IP Leak: CMD Organization\n\nClearnet: cmdofficial[.]com\nIP: 209[.]99[....","new-ransomware-group-and-ip-leak-cmd-organization-clearnet-cmdofficial-com-ip-20-864702","‼️ New Ransomware Group and IP Leak: CMD Organization\n\nClearnet: cmdofficial[.]com\nIP: 209[.]99[.]186[.]211\n\nOnion: http:\u002F\u002Fcmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd[.]onion https:\u002F\u002Ft.co\u002FWEuHRNXAI7","A previously unknown ransomware group called CMD Organization has been identified operating infrastructure across clearnet and dark web platforms. The group's primary domain cmdofficial[.]com and associated IP address 209.99.186.211 have been exposed, along with an onion service URL. This appears to be an early-stage threat actor with limited public activity.","New ransomware group CMD Organization surfaces with clearnet and onion infrastructure.",null,"https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2050587180225957977","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHHUmG4aWgAAar8h.png","2026-05-02T14:44:16+00:00","2026-05-02T15:00:09.868594+00:00",7,[18],{"name":19,"type":20},"CMD Organization","threat_actor","7d8b5ab8-ea0b-4ced-ae97-ec251b86993a",{"id":21,"icon":11,"name":23,"slug":24},"Ransomware","ransomware",[26,28,33],{"category":27},{"id":21,"icon":11,"name":23,"slug":24},{"category":29},{"id":30,"icon":11,"name":31,"slug":32},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":34},{"id":35,"icon":11,"name":36,"slug":37},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[39,43,47],{"type":40,"value":41,"context":42},"domain","cmdofficial.com","CMD Organization ransomware group clearnet domain",{"type":44,"value":45,"context":46},"ip","209.99.186.211","CMD Organization infrastructure IP address",{"type":40,"value":48,"context":49},"cmdnkiqjije2tllr3biee2sjgj3i4robg2cbtilbnytdhh2wy3syrlyd.onion","CMD Organization dark web onion service"]