From 6d58105048b1d360dd34abb744de7851b6fe1495 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Wed, 18 Dec 2024 16:34:13 +0100 Subject: [PATCH] chg: [ransomware] updated --- clusters/ransomware.json | 960 +++++++++++++++++++++++++++++++++++---- 1 file changed, 865 insertions(+), 95 deletions(-) diff --git a/clusters/ransomware.json b/clusters/ransomware.json index 26fc4fd..c5b403b 100644 --- a/clusters/ransomware.json +++ b/clusters/ransomware.json @@ -6810,6 +6810,9 @@ "extensions": [ ".crypt" ], + "links": [ + "http://apvc24autvavxuc6.onion/" + ], "payment-method": "Bitcoin", "price": "1.2 (500$) - 2.4", "ransomnotes-filenames": [ @@ -6825,7 +6828,8 @@ "refs": [ "https://support.kaspersky.com/viruses/disinfection/8547", "http://www.bleepingcomputer.com/virus-removal/cryptxxx-ransomware-help-information", - "https://id-ransomware.blogspot.com/2016/04/cryptxxx-ransomware.html" + "https://id-ransomware.blogspot.com/2016/04/cryptxxx-ransomware.html", + "https://www.ransomlook.io/group/cryptxxx" ], "synonyms": [ "CryptProjectXXX" @@ -8605,6 +8609,10 @@ "([A-F0-9]{32}).osiris", ".lukitus" ], + "links": [ + "http://6dtxgqam4crv6rr6.onion/", + "http://i3ezlvkoi7fwyood.onion" + ], "payment-method": "Bitcoin", "price": "3 - 5 - 7", "ransomnotes": [ @@ -8627,7 +8635,8 @@ "http://blog.trendmicro.com/trendlabs-security-intelligence/new-locky-ransomware-spotted-in-the-brazilian-underground-market-uses-windows-script-files/", "https://nakedsecurity.sophos.com/2016/10/06/odin-ransomware-takes-over-from-zepto-and-locky/", "https://www.bleepingcomputer.com/news/security/locky-ransomware-switches-to-egyptian-mythology-with-the-osiris-extension/", - "https://id-ransomware.blogspot.com/2016/02/locky.html" + "https://id-ransomware.blogspot.com/2016/02/locky.html", + "https://www.ransomlook.io/group/locky" ], "synonyms": [ "Locky-Odin", @@ -10817,6 +10826,9 @@ ".windows10", ".no_more_ransom" ], + "links": [ + "http://cryptorz76e7vuik.onion" + ], "payment-method": "Email", "ransomnotes-filenames": [ "README.txt", @@ -10826,7 +10838,8 @@ "https://www.nomoreransom.org/uploads/ShadeDecryptor_how-to_guide.pdf", "http://www.nyxbone.com/malware/Troldesh.html", "https://www.bleepingcomputer.com/news/security/kelihos-botnet-delivering-shade-troldesh-ransomware-with-no-more-ransom-extension/", - "https://id-ransomware.blogspot.com/2016/06/troldesh-ransomware-email.html" + "https://id-ransomware.blogspot.com/2016/06/troldesh-ransomware-email.html", + "https://www.ransomlook.io/group/shade" ], "synonyms": [ "Shade", @@ -11335,6 +11348,9 @@ "extensions": [ ".jaff" ], + "links": [ + "http://rktazuzi7hbln7sy.onion/" + ], "payment-method": "Bitcoin", "price": "1.82 - 2.036", "ransomnotes-filenames": [ @@ -11346,7 +11362,8 @@ "refs": [ "http://blog.talosintelligence.com/2017/05/jaff-ransomware.html", "https://www.bleepingcomputer.com/news/security/jaff-ransomware-distributed-via-necurs-malspam-and-asking-for-a-3-700-ransom/", - "http://id-ransomware.blogspot.com/2017/05/jaff-ransomware.html" + "http://id-ransomware.blogspot.com/2017/05/jaff-ransomware.html", + "https://www.ransomlook.io/group/jaff" ] }, "related": [ @@ -11837,6 +11854,9 @@ ".Crab", ".CRAB" ], + "links": [ + "http://gandcrabmfe6mnef.onion/" + ], "payment-method": "Dash", "price": "1 - 3", "ransomnotes": [ @@ -11860,7 +11880,8 @@ "https://www.bleepingcomputer.com/news/security/gandcrab-version-3-released-with-autorun-feature-and-desktop-background/", "https://www.bleepingcomputer.com/news/security/new-fallout-exploit-kit-drops-gandcrab-ransomware-or-redirects-to-pups/", "https://www.bleepingcomputer.com/news/security/gandcrab-v5-ransomware-utilizing-the-alpc-task-scheduler-exploit/", - "https://id-ransomware.blogspot.com/2018/01/gandcrab-ransomware.html" + "https://id-ransomware.blogspot.com/2018/01/gandcrab-ransomware.html", + "https://www.ransomlook.io/group/gandcrab" ] }, "related": [ @@ -13857,7 +13878,14 @@ "links": [ "http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/", "http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/", - "http://blogxxu75w63ujqarv476otld7cyjkq4yoswzt4ijadkjwvg3vrvd5yd.onion/Blog" + "http://blogxxu75w63ujqarv476otld7cyjkq4yoswzt4ijadkjwvg3vrvd5yd.onion/Blog", + "http://2wub3njb7zvmnn6xohbuizjcbvy4w5dvlb4puesry3rrl6gx4452ezid.onion", + "http://54xj22qsftuzs6bhcistgz27reblgijdjggkgb3fdhfgl3ghkmzk7dad.onion", + "http://65x5syrn4gmgfnicrhyfwkokw5x3xipxer2z4vhhckrh756v6m5272qd.onion", + "http://fsgwyl2xd2h5s43er7epr6vuqu5eddmmtgp6cq7khmkoe3ba4d37w7ad.onion", + "http://rrjwr4jsju3nuwjz77hbcquiuq5hc3oc7yxlgi5rxeazehf7mlkzcvid.onion", + "http://ttn4gqpgvyy6tuezexxhwiukmm2t6zzawj6p3w3jprve36f43zxr24qd.onion", + "http://landxxeaf2hoyl2jvcwuazypt6imcsbmhb7kx3x33yhparvtmkatpaad.onion/" ], "refs": [ "https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html", @@ -14296,7 +14324,8 @@ "meta": { "encryption": "AES", "links": [ - "http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion/" + "http://hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion/", + "http://qkbbaxiuqqcqb5nox4np4qjcniy2q6m7yeluvj7n5i5dn7pgpcwxwfid.onion/" ], "refs": [ "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/", @@ -14405,7 +14434,9 @@ "meta": { "encryption": "ChaCha20 and RSA", "links": [ - "http://xfr3txoorcyy7tikjgj5dk3rvo3vsrpyaxnclyohkbfp3h277ap4tiad.onion" + "http://xfr3txoorcyy7tikjgj5dk3rvo3vsrpyaxnclyohkbfp3h277ap4tiad.onion", + "http://aoacugmutagkwctu.onion/", + "https://mazedecrypt.top/" ], "refs": [ "https://malpedia.caad.fkie.fraunhofer.de/details/win.maze", @@ -14556,12 +14587,16 @@ { "description": "A targeted email campaign has been spotted distributing the JasperLoader to victims. While the JasperLoader was originally used to then install Gootkit, Certego has observed it now being used to infect victims with a new ransomware dubbed FTCODE. Using an invoice-themed email appearing to target Italian users, the attackers attempt to convince users to allow macros in a Word document. The macro is used to run PowerShell to retrieve additional PowerShell code.", "meta": { + "links": [ + "http://qvo5sd7p5yazwbrgioky7rdu4vslxrcaeruhjr7ztn3t2pihp56ewlqd.onion/" + ], "payment-method": "Bitcoin", "price": "0.06", "refs": [ "https://www.certego.net/en/news/malware-tales-ftcode/", "https://exchange.xforce.ibmcloud.com/collection/FTCODE-Ransomware-45dacdc2d5cf30722ced20b9d37988c2", - "https://malpedia.caad.fkie.fraunhofer.de/details/ps1.ftcode" + "https://malpedia.caad.fkie.fraunhofer.de/details/ps1.ftcode", + "https://www.ransomlook.io/group/ftcode" ] }, "uuid": "6f9b7c54-45fa-422c-97f0-0f0c015e3c4e", @@ -14581,7 +14616,9 @@ "http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/", "http://3ws3t4uo7fehnn4qpmadk3zjrxta5xlt3gsc5mx4sztrsy7ficuz5ayd.onion/", "http://amnwxasjtjc6e42siac6t45mhbkgtycrx5krv7sf5festvqxmnchuayd.onion/", - "http://qahjimrublt35jlv4teesicrw6zhpwhkb6nhtonwxuqafmjhr7hax2id.onion/" + "http://qahjimrublt35jlv4teesicrw6zhpwhkb6nhtonwxuqafmjhr7hax2id.onion/", + "http://npkoxkuygikbkpuf5yxte66um727wmdo2jtpg2djhb2e224i4r25v7ad.onion", + "http://6v4q5w7di74grj2vtmikzgx2tnq5eagyg2cubpcnqrvvee2ijpmprzqd.onion/remote0/" ], "refs": [ "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2020-CTI-001.pdf", @@ -14955,7 +14992,8 @@ ".encrypt" ], "links": [ - "http://veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion" + "http://veqlxhq7ub5qze3qy56zx2cig2e6tzsgxdspkubwbayqije6oatma6id.onion", + "http://7zvu7njrx7q734kvk435ntuf37gfll2pu46fmrfoweczwpk2rhp444yd.onion" ], "ransomnotes": [ "All your data has been locked(crypted).\n​How to unclock(decrypt) instruction located in this TOR website:\nhttp://sg3dwqfpnr4sl5hh.onion/order/[Bitcoin address]\nUse TOR browser for access .onion websites.\nhttps://duckduckgo.com/html?q=tor+browser+how+to\n\nDo NOT remove this file and NOT remove last line in this file!\n[base64 encoded encrypted data]" @@ -15077,7 +15115,8 @@ ".LockBit" ], "links": [ - "http://lockbitkodidilol.onion" + "http://lockbitkodidilol.onion", + "http://lockbitks2tvnmwk.onion" ], "ransomnotes-filenames": [ "Restore-My-Files.txt" @@ -15258,7 +15297,10 @@ "colt-median": "7d", "links": [ "http://blackmax7su6mbwtcyo3xwtpfxpm356jjqrs34y4crcytpw7mifuedyd.onion/", - "http://darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion" + "http://darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion", + "http://supp24yy6a66hwszu2piygicgwzdtbwftb76htfj7vnip3getgqnzxid.onion/", + "http://supp24maprinktc7uizgfyqhisx7lkszb6ogh6lwdzpac23w3mh4tvyd.onion", + "http://dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd.onion/" ], "refs": [ "https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/", @@ -15466,7 +15508,8 @@ ], "links": [ "http://rnsm777cdsjrsdlbs4v5qoeppu3px6sb2igmh53jzrx7ipcrbjz5b2ad.onion/", - "http://zubllg7o774lgc4rdxmfcfpjewfkqa7ml7gxwl5fetogc7hbkvaprhid.onion/" + "http://zubllg7o774lgc4rdxmfcfpjewfkqa7ml7gxwl5fetogc7hbkvaprhid.onion/", + "http://jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion/" ], "ransomnotes": [ "Greetings, Texas Department of Transportation!\nRead this message CAREFULLY and contact someone from IT department..\nYour files are securely ENCRYPTED.\nNo third party decryption software EXISTS.\nMODIFICATION or RENAMING encrypted files may cause decryption failure.\nYou can send us an encrypted file (not greater than 400KB) and we will decrypt it FOR FREE, so you have no doubts in possibility to restore all Files\nFrom all aFFected systems ANY TIME.\nEncrypted File SHOULD NOT contain sensitive inFormation (technical, backups, databases, large documents).\nThe rest oF data will be available aFter the PAYMENT.\ninfrastructure rebuild will cost you MUCH more.\nContact us ONLY if you officially represent the whole affected network.\nThe ONLY attachments we accept are non archived encrypted files For test decryption.\nSpeak ENGLISH when contacting us.\nMail us: ***@protonmail.com\nWe kindly ask you not to use GMAIL, YAHOO or LIVE to contact us.\nThe PRICE depends on how quickly you do it. " @@ -15562,7 +15605,14 @@ "links": [ "http://rgleak7op734elep.onion", "http://rgleaktxuey67yrgspmhvtnrqtgogur35lwdrup4d3igtbm3pupc4lyd.onion/", - "http://p6o7m73ujalhgkiv.onion" + "http://p6o7m73ujalhgkiv.onion", + "http://2dxxyil6kur3qpht2tkklupdgacrcbfun6qf5jmk3hafmt6n6ockbzid.onion", + "http://goh2zbohdiblk23scvtae7delci5cioy73la2lnrduxutxksl7xiscqd.onion", + "http://t2w5byhtkqkaw6m543i6ax3mamfdy7jkkqsduzzfwhfcep4shqqsd5id.onion", + "http://wxbpssv4hiwlcgt4cxam3cznu4feqgf5pqfibbku3x6dwvtcakdkyeid.onion", + "http://xxbsnxdqmthgpydddmuvg7yzy6pdfnlnlepxa5my4mjiqjsee6yidhyd.onion", + "http://7twfgaqyik3xfuu4.onion", + "http://ragnarmj3hlykxstyanwtgf33eyacccleg45ctygkuw7dkgysict6xyd.onion/" ], "refs": [ "https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-targets-msp-enterprise-support-tools/", @@ -16085,7 +16135,13 @@ "http://2cyxmof76rxeqze5snxxooqmhzjtcploqswxoxmenfayphumdhrtrzqd.onion/", "http://rqqn25k3hgmfkh7ykjbmakjgidwweomr7cbpy6pfecpxs57r5iwzwtyd.onion/", "http://mu6se7h7qfwuqclr4cc6zy7qevod6gyk37aq5vwnayrtbx3qqycx2fyd.onion/", - "http://urey23jtg6z7xx3tiybmc4sgcim7dawiz2abl6crpup2lfobf7yb5wyd.onion/" + "http://urey23jtg6z7xx3tiybmc4sgcim7dawiz2abl6crpup2lfobf7yb5wyd.onion/", + "http://ao5oo2luy6avdfomyw7hcegmfl4let2g5bzjqjzch6b5rpdshmuvccad.onion", + "http://urey23jtg6z7xx3tiybmc4sgcim7dawiz2abl6crpup2lfobf7yb5wyd.onion", + "http://mu6se7h7qfwuqclr4cc6zy7qevod6gyk37aq5vwnayrtbx3qqycx2fyd.onion", + "http://eleav2eq3ioyiuevbyvqaz3vruwvpislphszo4cm7n56itbpnupxngyd.onion", + "http://2cyxmof76rxeqze5snxxooqmhzjtcploqswxoxmenfayphumdhrtrzqd.onion", + "http://rqqn25k3hgmfkh7ykjbmakjgidwweomr7cbpy6pfecpxs57r5iwzwtyd.onion" ], "refs": [ "https://www.ransomlook.io/group/blackout" @@ -22253,7 +22309,8 @@ "meta": { "date": "December 2020", "links": [ - "http://ixltdyumdlthrtgx.onion" + "http://ixltdyumdlthrtgx.onion", + "http://m6s6axasulxjkhzh.onion/" ], "refs": [ "http://www.secureworks.com/research/threat-profiles/gold-winter", @@ -24910,6 +24967,14 @@ }, { "description": "ransomware", + "meta": { + "links": [ + "http://mrv44idagzu47oktcipn6tlll6nzapi6pk3u7ehsucl4hpxon45dl4yd.onion/" + ], + "refs": [ + "https://www.ransomlook.io/group/bitransomware" + ] + }, "uuid": "a378ddf1-5981-4e76-8672-60dd4cb67dc1", "value": "BitRansomware" }, @@ -25002,7 +25067,13 @@ ], "links": [ "http://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion/", - "http://continews.click" + "http://continews.click", + "http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion/", + "http://contirec7nchr45rx6ympez5rjldibnqzh7lsa56lvjvaeywhvoj3wad.onion/", + "http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/", + "http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion", + "https://contirecovery.best", + "https://contirecovery.top" ], "ransomnotes": [ "All of your files are currently encrypted by CONTI ransomware." @@ -25479,7 +25550,8 @@ "meta": { "date": "November 2020", "links": [ - "http://3r6n77mpe737w4sbxxxrpc5phbluv6xhtdl5ujpnlvmck5tc7blq2rqd.onion" + "http://3r6n77mpe737w4sbxxxrpc5phbluv6xhtdl5ujpnlvmck5tc7blq2rqd.onion", + "http://gunyhng6pabzcurl7ipx2pbmjxpvqnu6mxf2h3vdeenam34inj4ndryd.onion/" ], "refs": [ "https://blog.sekoia.io/vice-society-a-discreet-but-steady-double-extortion-ransomware-group", @@ -26021,7 +26093,130 @@ "http://2cuqgeerjdba2rhdiviezodpu3lc4qz2sjf4qin6f7std2evleqlzjid.onion", "http://alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad.onion/api/blog/all/0/6", "http://vqifktlreqpudvulhbzmc5gocbeawl67uvs2pttswemdorbnhaddohyd.onion/", - "http://alphvuzxyxv6ylumd2ngp46xzq3pw6zflomrghvxeuks6kklberrbmyd.onion" + "http://alphvuzxyxv6ylumd2ngp46xzq3pw6zflomrghvxeuks6kklberrbmyd.onion", + "http://d75itpgjjfe2ys2qivqplbvmw3yyx7o5e4ppt2esit2lluhngulz4hqd.onion/", + "http://sty5r4hhb5oihbq2mwevrofdiqbgesi66rvxr5sr573xgvtuvr4cs5yd.onion/", + "http://xnsbsjciylsg23zfmrv6ocuyh7ha5zexeouchlr3zsi5suda4arpeyqd.onion/", + "http://24y6h7fwi2fvlv2kuzudyiumjqz4rgqcml2wr7te6ugcgt6qatqe64yd.onion", + "http://2plv344u23ebuayurqcfbjbnxpqzqknja3ca7ulbnnwtgb6tpmqqsvid.onion", + "http://2udgodqyt6jn7s7cb7n66kaisg7i6gxo5n64tnvlk7dee4d4rguojbid.onion", + "http://3bkgnqvrdlzib4t62oyo22eqljdrjaxtwcsvgwystog6yiyx7j7b7nad.onion", + "http://3fgntkytua2jb7rarvuchns6ka7tfh3uc6ypub3ffepjq3jekb3eypyd.onion", + "http://3g7cqn66j3uwes7jah744u6fzuzymvnlubn67624jwvswoollqkjtzqd.onion", + "http://3id2g6u3dwvg7nsarfkgsdf3odp5hb7owvnoqbipbisekudptetuxtad.onion", + "http://3kqfll43jsj7boglorh5xntudnynlk6howi6ks543cctlrnid4dzwdad.onion", + "http://3md3it5uxkebudflmlratms66jvwkrdphzoo4nzsvwh63niqpz42aeyd.onion", + "http://3oz6naflgy7gbtc4psqumk4dd7meq37tjxw7qxhytuiysyq3632xgsqd.onion", + "http://3s5pzwlqllrzz4xlluholmqgueje7lutlugbdnwa3ehbedrxaq5wjbad.onion", + "http://3xa42kwkeiwzhjybddfeifad7vn2kvsslybquledvib5xsfkylwtwyid.onion", + "http://425yxsnocj47lwgueymn7y4y4vrphccooa3diabzoqdl6cslxriqxrqd.onion", + "http://4kfzqzfci7uqpgngrosuukgj2dr745cyqgenbaojycdykgxipabnyqyd.onion", + "http://4mncnm5bl3jfotcgrn7zv2uznfzs2oo4sahwrlqvwcd265x6jdudkcid.onion", + "http://4qmsi7vcdrrutxapxbc7eofjjzfsvam3fehgmk6xyivwcroqkqjij5qd.onion", + "http://5e2q3uzczl3bur23dxfxxu5unlukuqrlseesmxc7v7dmo4qgbr3kaxqd.onion", + "http://5ety7tpkim5me6eszuwcje7bmy25pbtrjtue7zkqqgziljwqy3rrikqd.onion", + "http://5hhrba7et452bt3ttwqewumlua5t3vyyr27iomrv2o3ae6of3l7hghad.onion", + "http://5igait2ocdf7kfktyemdgdl6cot43ryecr5ycqid6drydhpuzibu54qd.onion", + "http://5rosrz5d53usc6p7s7qjvvcqv4bbedvpjsv3dzls7kuend2i65s7peqd.onion", + "http://6lbwfgybggslvhkbsfqo427sqnfhutb65wmhvj5qlko32farj6w45qid.onion", + "http://73tzbwujmnmz35k74eclnhlkwmnjrlmfeut3udxwnfsc53kg2kvdpead.onion", + "http://752ezjq6t4pwdtrwviimap3wlzqm2qzd6hh2rwffzq3d2urw3o7xa6qd.onion", + "http://7pwwm7j5w5gjgs7nibha6dqknqliiwqvimkkja7zdgmozx2ikjtfigad.onion", + "http://a5ciw2q5jijci5wj63s47zpul7bq3n36ng2qncta24yc6bsmkhoeg2ad.onion", + "http://acvhxy4cc52a7iv7ugc4eq6dq6nus2s5xduew7s2wkaw6nhftasyq2yd.onion", + "http://afl6q5mjgzgm765wfneiojktyppxbhkclhghfgcfpvr2nmadczqs4sqd.onion", + "http://ajdtbop62plz3s2uw3rjtegilw4lfmixl7h4p6oset5rq5jihwtehtad.onion", + "http://amo6c37dbe2bkgpopymaqms4vusn7kafqxy7pgqk2etengd76xk5w3ad.onion", + "http://arzaonkha4jubxjgg47dkjjz42ol72wmwvjmtz47a33box2gupk2v4ad.onion", + "http://bjiztkvfzboiiggfnf3pctsyllq6fy6rmllxbq4rk7uyd3w4eh2snpad.onion", + "http://bmebpteoa53k76zoiafykh4axr4kzbx7jn2djvdrdde4r57bckkfxsyd.onion", + "http://boq6yg6a523cqjbsu7nwjscakdpnjlyytapnodmmimh63kq7r3l3hmyd.onion", + "http://bq67odzyhxshp3vcvdvau4xosn54rmudy3dzqlmm2hkd3m4b2qackcad.onion", + "http://bvn5r7dzfdn2k2wcv7ifwtvi37zsm5kxv776nqw5lh7hwr4gd7msyhyd.onion", + "http://c5ic3pm46hytw4r47z6t6yxsffndo52lcitf5sgauwyrqmsjfb4etdqd.onion", + "http://cffb3fd2sofyiemffnzy7jjbuq7la3nftexl26574q3xkw5ycqf2r3id.onion", + "http://cfj4bsnfi4ktpfoei7uqggz5sb443fhvvbkxbmu3dhfriomg2txxgxid.onion", + "http://chygou6fs4nu2r56ncfd3crjb62s6sysulg7y7ds2tbdoa4d3wcwrdyd.onion", + "http://civmwfeogouzf27jldj2buu3ihmpooupjhfbdgdth6maptrntim6oiid.onion", + "http://d2abffaqhce6cbnlrdcsb3iafxhr5iqmezpfoxkpx3zf5j7tngqdskid.onion", + "http://dcoezwwwxij2trzd3oqhtyjg3lgvgzmyzrj2pcs3rdfh4tl5267dwpyd.onion", + "http://dgxxqqhvob4cvriyy2rdiwgyvuqewwsq4tbq7rnk5ulqh6zvroutvpyd.onion", + "http://doh3rlqtvg24yu4r4w7bk5twm7w6nm7wqsr3d3roc7jisrdqf5catnad.onion", + "http://dr2tr76ftudjccp4zc7fks5lhk3pg3rifl3rcc36bgm46sfivkq2sfqd.onion", + "http://dx2g4nm4ouhpqd6c6ttkzbnsliw3empzrwej3ilbwo6zz4g5rcgeazid.onion", + "http://e2ejecjvrpik5bjbvdczu7bjww4epxzsyz3nl7f52oe5pi43ddcsixid.onion", + "http://elcurwunjxjhx24aud6p47htzrrkxvbispdacsatsumlunagoylbgwad.onion", + "http://eyeeabnztw7jphcloghjraqihvon5pgo3gegsgypkg3cxn6jhg4wq5yd.onion", + "http://fafuye3k6sfv4t4nkr2vje5s523q6hfego5cwlze6gdntvxgnjebqnid.onion", + "http://fbehz3443h644jrcu3djvexhplhmnijilkq54puzrxuvloc42oykgiad.onion", + "http://g5a2thsvpabyjp6prphsque7nyaauul4rryr2nulytakggkecls23bad.onion", + "http://ga6pe777wjfk6xuhkepqtfldiqjx253an7dofzmyrlwzgqipqgtwwtyd.onion", + "http://gevvr5kripac4p52ixiq3ufnkr4qasn64r5d7fsyu3kk2zmuyarbvdad.onion", + "http://gjv7s67txrkdxftyfyt2xpcqkp76bmy7eqlumhmile6z6z2y23jkpkad.onion", + "http://hdyacvmmr4x2ms5tg4w5vnqzxfnlat4iosbmf7qz5xxoumnqfrcv2wqd.onion", + "http://he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion", + "http://hut4icumte4mphbzuk7cycppiubjdzfpilgsdku6vydrn7kg7y5f6oad.onion", + "http://i3jwvuhloergmbeimztm6btpjzshvvcaqj2qrweeehcjhf37tndxtoqd.onion", + "http://ieflygyfoezms2wshjpfyfz4hpyxjcdtxejntysvopd7n7cmmnucbkad.onion", + "http://ijmyrvd3ntbdu22auxpgiiblzxplfw6xqpdztoosfrbqiznymayxfsyd.onion", + "http://irn7otydieltebh3ex2rdfpspdxbcyrgp6kqczjtg4xd7ay7dfmbf7id.onion", + "http://iromfhuademn34fsfdvdrobxdj3tz7mfp2rdj4o2nmfp55fr6xgm3hyd.onion", + "http://j7gpjp46swlikocg3v7tlxc2zdrdlg5gft62bnqiqjgv4lzvaeg6h5id.onion", + "http://jrq44df5h2xysjsajuidspv7zxl7g7v7viujicudptufaozi2i65cnad.onion", + "http://khmpzqnzpya5o27lyp2vt2vw5cy7rb2mfflrhmikubhetncf2nh7ahad.onion", + "http://knt3cs4tkxqdnrjrzk3n7txyhb6c5szkgjwy74jomyvy5xuli5qcdsid.onion", + "http://kv7nxc6sg625vl4rd4fsy4asero3jqivp7zyhaohsyww2xnk7r7yenyd.onion", + "http://kx77iuzg25qlesz3zm7nvy4i6vxecc5jtksf5gllknescfktvzhyo2yd.onion", + "http://kxmbveamxzfrnxacprpbldcy3p263kvrjiblaw4p55mzrkaf3si6w4id.onion", + "http://l2gsnjel3ongbhzvuftuhkbkx5uoso7fvsfqq6oxt25ph4anxxwnl2qd.onion", + "http://ldl45mghc3vscfucdntjc2cax7z3k5fxxxfthvrxhilr4sk2a2dveqid.onion", + "http://lkwkv2pzl3rpo63pqagijqsdo5t52lqwvuu5n34ito4jjnkyfc66smyd.onion", + "http://m6hx7svbvoxhkylaey2jfqxxcychksmx7n455aavt4nan6cuztzkiiyd.onion", + "http://m75bpllrckr7gus26rd6clvvcq6my6tb2bmw6crsevft4t4sv4fsbeyd.onion", + "http://mdixxkgamwij6sy7stxy4fiqwbmfmci2fbjbbndaq2txgaz25zz23xqd.onion", + "http://o522tg3wwqzypsc5yosrhr7mji5as45p2srrzvwd762h5sparfw3j2id.onion", + "http://oylk6phjrgcjvhv5rjijwrpcqj4ig3f2evbxb6lzofw7cbgxlpetq7ad.onion", + "http://p4tn5c42tfkr257a5djzs7iadvuunb7ydowuc6s2ghifbv5buc5pvsad.onion", + "http://p5f7j74vjhcifcxjmg7dswszfsk5z73ftohjj4nlnq7k3qcy4vtxraid.onion", + "http://pmpkjv36ca5ykwmjnfnr5cadctt4ldcekaxocbwa57btujhi7mly6kid.onion", + "http://puqwe2eijzpw33p65qq4ql37dtza64ug3hpsflgxvok7kipzinzry2qd.onion", + "http://q72tfgqh6wi237u2nqxuyuiawkyac5p6qav7mo2r67mu3ufl5gbou2ad.onion", + "http://qfhgvlly3qmrp4sbpr54bc6ci2riwuac6aw72enw2xmcb5yo57jzmkad.onion", + "http://qpcdrem3wd7ihi3x2tfgy7tvh2ldck4nezaxotxqc4vrc2ek3hkmejid.onion", + "http://qrrfiv7l5gsrc7q2n6mfxrbaq33vsvum7d6plx4maslkfxk5pmxt6ayd.onion", + "http://r4aub3bfqf4jh2e6whomjt6bs6abzvtlhwuu2us4fhglnhic3rjegoyd.onion", + "http://rq4ahdxs5yjm5s66d7dkgwpwduzj6e5yckhdt2mqmc3utp47ap3fjcyd.onion", + "http://rwkwobi6dz6dxzhnjpnau77ejcq3ar4ajjal42pj7usotilyj3bbfpyd.onion", + "http://rzs7rnmp37k6g3wbmym7oi23h2cc6wcf65oxsetun6cp25sna6256xad.onion", + "http://s5hcgpxzeehnkwlpb3xkelvkv6rpi5rszmhfeywncja26bxdzexp6zqd.onion", + "http://s7isfnfsrrnogkkvzzmqpqlcehajalaht5nmel7nbxwhvqc52jj2ejid.onion", + "http://sktwn6mi53hbyylkzswtquemuuirsn5qivdz4evhgbobqqzcfbw6pyid.onion", + "http://smo3gebcr5mkff7ja5ayi2xdz2xsapdixak4eosj5ah6fgrbluoxrkqd.onion", + "http://t3zm26nipjrttk5bzbr37crc32kufsixoonf7tmyqviduogoul54vbad.onion", + "http://td4ngpvlle7udkh5svgilgph5v3f63uo3hv3coh7gpdsqozo6it46sad.onion", + "http://tfeo2er3vmcal5tltu7vpnegh2cmmjsdyldfhisdco75mysi4ta6dsqd.onion", + "http://toeaxffzwscqgb7ftetfvldqf2xkqfx4g5kpqejney2ysyirtqdwcvyd.onion", + "http://tuw6in37vku6kg3mvnwaxsldhruujpihibpxbq5ne42phqgv4ekuirqd.onion", + "http://u27qc3ar5s2pqaod5ugxwyymaay6zii5lqfeo4nrs6ykysgzznk3kmad.onion", + "http://u3cko3mc66cfvnf5luzkw5n36q34eges5raq2i3viuiewfvnkqoxztid.onion", + "http://uab4byztmlcfsqb6v7pjoe3pnrvx2uckcuegvjyqui4wzy77jppzd3id.onion", + "http://ucrh53a22g5l3swwtfvvrjjtawrubpedn4s7lws4krbyy7itpvymybad.onion", + "http://uvovouktcgmq55h5i7axt4qrms6iq6znn5cfcrmg7qjseray4dcjxxqd.onion", + "http://vgkclj5nqv53iy455dlfthg75a5cg6ndkazvizrnxrx7fshdqzw4m2yd.onion", + "http://vldmvht6s253et33ce6gcth2vikuvsi7xgkzim5frqiowq6an6tmlaad.onion", + "http://vzxulehmjar6jmkjiy6qpj5mbgma3nl7o2mncrimjwjl5j3lk5ea35ad.onion", + "http://wiuco7yxvd6ygklc5kngraftysq7sgtkpcqtstpthj3ihxdarjlojcad.onion", + "http://xqclaoqanufx6z77e3ieun4xvmrsenolxjhhvlk56yfncuke66myfsqd.onion", + "http://xvks2js3rexd7kyzitdpnwzzqt3s5xxqj2dkydep6r563u7bgfgbdead.onion", + "http://y7u6xpydaobdwz7puojmze3estmhyx4qpbpihm2qfsfdgoenns6gtcid.onion", + "http://yh4vjsv3u27zlzosrsjc5aveua3iclhifjmwdr5uujsaqz7hfkkljfid.onion", + "http://ymfmzthvho5q7jituowluckkq45dogsf3ru25ev4nlehaq65hy4w6pid.onion", + "http://yo3f4ytjbuf3j4bx3m6s523e5hue7afxaprlikjuxf57ed7pc5dnpaid.onion", + "http://zae5d3try3lmnpb6mcx2mbqgp5xawuixm4ktofscv63btekwvcpg6ryd.onion", + "http://zawzev3zlywn7dy642nokfgmkmupgsrfhhquhhqkgcwml2pk7io6fjyd.onion", + "http://zcll3muuhw3uqtgxzdojqv52fuifg5z2knk5w63mljvujs2g2wywluid.onion", + "http://zf3raijx7m6xm72uenqrql5b2qtkbvnxi7fgzqjxfcizp7lylmvzvdid.onion", + "http://zu4jfbwu4on24mvtxm3gojoaw6ltk4wlebtfvly4haykp4tusdcrv5yd.onion" ], "ransomnotes-refs": [ "https://unit42.paloaltonetworks.com/wp-content/uploads/2022/01/word-image-78.png" @@ -26453,7 +26648,42 @@ "meta": { "links": [ "http://quantum445bh3gzuyilxdzs5xdepf3b7lkcupswvkryf3n7hgzpxebid.onion/", - "http://quantum445bh3gzuyilxdzs5xdepf3b7lkcupswvkryf3n7hgzpxebid.onion" + "http://quantum445bh3gzuyilxdzs5xdepf3b7lkcupswvkryf3n7hgzpxebid.onion", + "http://dgnh6p5uq234zry7qx7bh73hj5ht3jqisgfet6s7j7uyas5i46xfdkyd.onion/?cid=", + "http://26gzvue4vlgxuiaaotxl3bbdepuf55sdrsailywbrc7kdrcgwo62ghqd.onion", + "http://275dg33wjetp6arghjtp3d7265nsknx2heho5n6bqioy2ehl7c3i3iyd.onion", + "http://2gknqtqreqfoedfd3sey4vqgp7fhc4xyagtj6yl3pz6swkliuakfx7ad.onion", + "http://2k5qdebrbzv2uj2xz25f53bhjyqgmv2vixyy7p3vaeeb2bqz6jhnalad.onion", + "http://3uzycwcxrccpvrwx43mpr3gxwcqqgu4x72kedws6zuolp45gopjrzqyd.onion", + "http://6kkjbpmqavf2nvs33furf3hywg2z4e4zrnwnmzegcpq4atfyp3jilnid.onion", + "http://77jtf3wyb4rtsemeodl6h3hfblhgwj32ex3r7ywigg5mzfaqf7w5x7qd.onion", + "http://7qlb63hy45ijihaeal26uyoms4r33dlrg64dr7ry7blnzhhwhov6jsad.onion", + "http://7sqjgyldxtur4p3nkpdzacldqonnovklnibxhz4y6saremsrmh6vf2yd.onion", + "http://agxyd52t6tfoahsvi6mfk7nqwpoe2xj6wp75vnv7ffrfxg5vtw6guxid.onion", + "http://b2rt3dmb62jo62e2rr5rfrpyomka477tjkcni2fsamjd3wksolae5wqd.onion", + "http://bfdwhgjey6xb25e6pc6i7upnswh4znqwwnmlmgzapiwfmt7ugzcwvyyd.onion", + "http://bi7v6o5djhfji22usugjzpk26nvvwugaubrf3yypyvmkzw7su2nad5id.onion", + "http://cee77a5wsey5vohubq76en4bgsqbdrasito3zn7ziu5vouhbzxtx6syd.onion", + "http://ct7jsq3dbwcvcafnwli7tfv2pf62y2rfhos4a66gu7twqkcclkih6wqd.onion", + "http://dblgdn4manmaiewnsqa3vgm26v7ujtx75wtev5pyfmtpww4ofqrqpiid.onion", + "http://dw6sy3pt54fh6d3yo4wpb7qjtwdlyyi3qd5oabdwlmlmuyhsxvnblvqd.onion", + "http://fjlprvuqzs6h4ielcdkmof5nju3ent7c34esaptm7677xono7osvp5yd.onion", + "http://friazjtqhznoknwi5354lnkwa4lhgjti74l4asfhsjeoe5dulwitpcqd.onion", + "http://k2j6llaw66bvlgxcy67uj2prdqqzbl7aj46wab4mpdyizpmati55kfad.onion", + "http://leqg2fthiage4ockldnf7trwdx3bvehni7vjf6wbwsitnbjtotbv3nid.onion", + "http://nugus3xk456m3xhokm2q5zusujhqodirm5vfke6jmsej2jy6sgbn4oqd.onion", + "http://nxvvamxmbdn3latdplq6azgeeuieaek32h674nl6lzavcod2f2obvxyd.onion", + "http://ohmhgcrvte6aftgnm5lefq7ztannicarzo6lus2bih3zg6ugklf4tsyd.onion", + "http://oyjydoka32xa24doeymhq4thoibxqdd7i7hnngojpycd74frggkvhyyd.onion", + "http://q45frho6hatxtx7qxjytt4cswinakvc2h6iag65jlsaws32xdzz47kyd.onion", + "http://rrmywkltwjpntybqj7migd5ibdzzxulnhgndb6dnoe6unlljslqb7lid.onion", + "http://uwr2mmcqtroeyu6bzgivwwzdcpe2a4e74r2srlzveyltsi57n5bnsbqd.onion", + "http://wcmxtfzde2hmhsreqgflwvkawmyfvuyqcebuq5w5qj3rllo2jpb4l2yd.onion", + "http://wly4qu4q6abduzwm7ryai4ehysgnk5f25v6ddofcyuasbfntwnqjkcid.onion", + "http://x3djueexuhivjtdj5udkjzfsm37kiaoeqy5ywluljbfsf2wsuom5yyid.onion", + "http://xrjwgvn3sv75zrcmfdarz3futzx54uyy6o6si5pj5phhee3nlokkopyd.onion", + "http://yizydlt5rl6br3qihvjdgfsprrq2ealnoq2eg6koqs6yv47d3byucxqd.onion", + "http://zes5libwlgrfnttkpgtbimbixyb4t6k6rhuxhayzq76j7zgxqt64piad.onion" ], "ransomnotes-refs": [ "https://www.guidepointsecurity.com/wp-content/uploads/2021/04/Anonymized-Ransom-Note-1-1024x655.png" @@ -26471,7 +26701,8 @@ "https://kienmanowar.wordpress.com/2021/08/04/quicknote-mountlocker-some-pseudo-code-snippets/", "https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware", "https://thedfirreport.com/2022/04/25/quantum-ransomware/", - "https://www.ransomlook.io/group/quantum" + "https://www.ransomlook.io/group/quantum", + "https://www.ransomlook.io/group/dagonlocker" ], "synonyms": [ "Quantum", @@ -26519,7 +26750,8 @@ "http://daulpxe3epdysjozaujz4sj7rytanp4suvdnebxkwdfcuzwxlslebvyd.onion/", "http://databasebb3.top/", "http://l6zxfn3u2s4bl4vt3nvpve6uibqn3he3tgwdpkeeplhwlfwy3ifbt5id.onion/", - "http://onlylegalstuff6.top/" + "http://onlylegalstuff6.top/", + "https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/" ], "ransomnotes": [ "Your data are stolen and encrypted\nThe data will be published on TOR website if you do not pay the ransom\nYou can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565y1u2c6Lay6yfiebkcbtvvcytyolt33s77xypi7nypxyd.onion/ \n\nYour company id for log in: [REDACTED]" @@ -26583,7 +26815,13 @@ "http://dlyo7r3n4qy5fzv4645nddjwarj7wjdd6wzckomcyc7akskkxp4glcad.onion", "http://fl3xpz5bmgzxy4fmebhgsbycgnz24uosp3u4g33oiln627qq3gyw37ad.onion", "http://jbeg2dct2zhku6c2vwnpxtm2psnjo2xnqvvpoiiwr5hxnc6wrp3uhnad.onion/", - "http://53d5skw4ypzku4bfq2tk2mr3xh5yqrzss25sooiubmjz67lb3gdivcad.onion/" + "http://53d5skw4ypzku4bfq2tk2mr3xh5yqrzss25sooiubmjz67lb3gdivcad.onion/", + "http://a2dbso6dijaqsmut36r6y4nps4cwivmfog5bpzf6uojovce6f3gl36id.onion:81", + "http://vzzf6yg67cffqndnwg56e4psw45rup45f2mis7bwblg5fs7e5voagsqd.onion:81", + "http://inbukcc4xk67uzbgkzufdqq3q3ikhwtebqxza5zlfbtzwm2g6usxidqd.onion:81", + "http://p5quu5ujzzswxv4nxyuhgg3fjj2vy2a3zmtcowalkip2temdfadanlyd.onion/", + "http://tj3ty2q5jm5au3bmd2embtjscd3qjt7nfio2o7cr6moyy5kgil5pieqd.onion", + "http://kpfj3bmo77bwpy2f5zzwj4knatueuv7t3ldlpp4tlrmv2buiziw2tdyd.onion" ], "ransomnotes": [ "BLACKBYTE \n\nAll your files have been encrypted, your confidential data has been stolen, in order to decrypt files and avoid leakage, you must follow our steps.\n\n1) Download and install TOR browser from this site: https://torproject.org/ \n\n2) Paste the URL in TOR browser and you will be redirected to our chat with all information that you need. \n\n3) If you won't contact with us within 4 days, your access to our chat will be removed and you wont be able to restore your system. \n\nYour URL: [LINK]\n\nYour Key: [KEY]", @@ -26634,7 +26872,11 @@ "description": "Ransomware", "meta": { "links": [ - "http://blog2hkbm6gogpv2b3uytzi3bj5d5zmc4asbybumjkhuqhas355janyd.onion/" + "http://blog2hkbm6gogpv2b3uytzi3bj5d5zmc4asbybumjkhuqhas355janyd.onion/", + "http://qrcxhs4x2n4a65rk3zbwm5hu6475bi4w2mdjhfmusovnjc6hc6qcv3ad.onion", + "http://ocsmkribkmoij3uhvhxlpxlpebqhzo5uingee7mvebnv57jqya745uyd.onion", + "http://ybxtfftwy2iwfqjy7fvvcrt5sd55fx3sk2yuztbx3y2dxb4dvqdhsiid.onion", + "http://gwvueqclwkz3h7u75cks2wmrwymg3qemfyoyqs7vexkx7lhlteagmsyd.onion/" ], "refs": [ "https://www.ransomlook.io/group/redalert" @@ -26746,7 +26988,12 @@ "https://3f7nxkjway3d223j27lyad7v5cgmyaifesycvmwq7i7cbs23lb6llryd.onion/", "https://www.karanews.live", "https://karakurt.tech", - "https://karaleaks.com" + "https://karaleaks.com", + "https://omx5iqrdbsoitf3q4xexrqw5r5tfw7vp3vl3li3lfo7saabxazshnead.onion/", + "http://53dxw3yoeirahqn263a7ihzv2hhsjzdgvwqxdcuujlsrctmqzsph6tid.onion", + "http://jo7jezin3bmprlivyleqfv7rq3j4m36hd7bf2bguabxf2rlyrvrjwhad.onion", + "http://nrulhk2lbzt7jw6tnsq6gkjrn37j7uwfu5oxbuxezgherhuhakl2tqid.onion", + "https://t5sb509msc3q4ls06o1g8e4egfxl1o7e79yvlldakfphc0nf7rwiyphv.onion" ], "refs": [ "https://www.ransomlook.io/group/karakurt" @@ -26764,7 +27011,8 @@ "links": [ "http://omegalock5zxwbhswbisc42o2q2i54vdulyvtqqbudqousisjgc7j7yd.onion/", "https://0mega.cc/", - "https://0mega.ws/" + "https://0mega.ws/", + "http://kbavsfyafrpsostfrkg2w2f7ttf55sz3pfqmoza3o2t3mhrdalvdu7yd.onion" ], "ransomnotes-filenames": [ "DECRYPT-FILES.txt" @@ -26832,7 +27080,8 @@ ], "links": [ " http://kwvhrdibgmmpkhkidrby4mccwqpds5za6uo2thcw5gz75qncv7rbhyad.onion", - "http://kwvhrdibgmmpkhkidrby4mccwqpds5za6uo2thcw5gz75qncv7rbhyad.onion" + "http://kwvhrdibgmmpkhkidrby4mccwqpds5za6uo2thcw5gz75qncv7rbhyad.onion", + "http://kwvhrdibgmmpkhkidrby4mccwqpds5za6uo2thcw5gz75qncv7rbhyad.onion/" ], "ransomnotes": [ "Your network have been locked.\n\nAll your files, documents, photos, databases and other important data are encrypted and have the extension: *******\n\nBackups and shadow copies also encrypted or removed. Any third-party software may damage encrypted data but not recover.\nFrom this moment, it will be impossible to use files until they are decrypted.\n\nThe only method of recovering files is to purchase an unique private key.\nOnly we can give you this key and only we can recovery your files.\n\nTo get info (decrypt your files) follow this steps:\n1) Download and install Tor Browser: hxxps://www.torproject.org/download/\n2) Open our website in TOR: hxxp://kwvhrdibgmmpkhkidrby4mccwqpds5za6uo2th cw5gz75qncv7rbhyad.onion/I8VC6PIEQL8JFKHM\n3) Paste your ID in form (you can find your ID below)\n\n!! ATTENTION !!\n!! Any third - party software may damage encrypted data but not recover.\n!! DO NOT MODIFY ENCRYPTED FILES\n!! DO NOT CHANGE YOUR ID\n!! DO NOT REMOVE YOUR ID.KEY FILE\n\n --- BEGIN PERSONAL ID ---\n\n --- END PERSONAL ID ---", @@ -26929,7 +27178,8 @@ "meta": { "links": [ " http://avaddongun7rngel.onion ", - "http://avaddongun7rngel.onion" + "http://avaddongun7rngel.onion", + "http://avaddonbotrxmuyl.onion/" ], "refs": [ "https://heimdalsecurity.com/blog/avaddon-ransomware/", @@ -27063,7 +27313,8 @@ "meta": { "links": [ "http://bianlianlbc5an4kgnay3opdemgcryg2kpfcbgczopmm3dnbz3uaunad.onion/", - "http://bianlivemqbawcco4cx4a672k2fip3guyxudzurfqvdszafam3ofqgqd.onion/" + "http://bianlivemqbawcco4cx4a672k2fip3guyxudzurfqvdszafam3ofqgqd.onion/", + "http://bianliaoxoeriowgqohcly4a6sbkpc3se2yvxgidxomxlpuhx5ehrpad.onion" ], "ransomnotes": [ "Your network systems were attacked and encrypted. Contact us in order to restore your data. Don't make any changes in your file structure: touch no files, don't try to recover by yourself, that may lead to it's complete loss.\n\nTo contact us you have to download \"tox\" messenger: https://qtox.github.io/\n\nAdd user with the following ID to get your instructions: \nA4B3B0845DA242A64BF17E0DB4278EDF85855739667D3E2AE8B89D5439015F07E81D12D767FC\n\nAlternative way: swikipedia@onionmail.org\n\nYour ID: wU1VC460GC \n\nYou should know that we have been downloading data from your network for a significant time before the attack: financial, client, business, post, technical and personal files.\nIn 10 days — it will be posted at our site http://bianlianlbc5an4kgnay3opdemgcryg2kpfcbgczopmm3dnbz3uaunad.onion with links send to your clients, partners, competitors and news agencies, that will lead to a negative impact on your company: potential financial, business and reputational loses." @@ -27224,7 +27475,8 @@ "meta": { "links": [ "http://cuba4mp6ximo2zlo.onion", - "http://cuba4ikm4jakjgmkezytyawtdgr2xymvy6nvzgw5cglswg3si76icnqd.onion/" + "http://cuba4ikm4jakjgmkezytyawtdgr2xymvy6nvzgw5cglswg3si76icnqd.onion/", + "http://i34gbmo5rxx3bxc4yl7f4erkyo2oldwavhpdragnjjvhni6fwvptp2id.onion" ], "refs": [ "https://www.mcafee.com/enterprise/en-us/assets/reports/rp-cuba-ransomware.pdf", @@ -27267,7 +27519,16 @@ { "meta": { "links": [ - "http://7ukmkdtyxdkdivtjad57klqnd3kdsmq6tp45rrsxqnu76zzv3jvitlqd.onion/" + "http://7ukmkdtyxdkdivtjad57klqnd3kdsmq6tp45rrsxqnu76zzv3jvitlqd.onion/", + "http://232fwh5cea3ub6qguz3pynijxfzl2uj3c73nbrayipf3gq25vtq2r4qd.onion", + "http://7ukmkdtyxdkdivtjad57klqnd3kdsmq6tp45rrsxqnu76zzv3jvitlqd.onion", + "http://htz6biyazjyzzxllx4knuvux26xa2ixyjshjtwtgq4cm3vczylikm3id.onion", + "http://kolbh6putvp6aw3vpmsppor4kyzs7ctxfbp2donetycftz5jru73ytid.onion", + "http://kyk6lixosktvbtf3g6zte7kdzid2lwrprfod55mhwunafx6jzeoui7yd.onion", + "http://pkx3r7xe42z7fgkjjbocf7okdh77bsvngwvp6arykksob7gleyswicyd.onion", + "http://qlfnwdg2fyvmzmqkk33iwku32ynsbbk6hysorsvvadr4o7gfzs4t46yd.onion", + "http://r3h2balq6aa7plwe5p5bhxzwzxusrtldbfaamfseg33a5hk77bohzxyd.onion", + "http://v66nzl27xxmrulq6c2plrzr7tryv2idflhclpoyxrrn3kfw5gkkpveid.onion" ], "refs": [ "https://www.ransomlook.io/group/daixin" @@ -27301,6 +27562,7 @@ "value": "Darkangel" }, { + "description": "TOX: AB33BC51AFAC64D98226826E70B483593C81CB22E6A3B504F7A75348C38C862F00042F5245AC", "meta": { "links": [ "http://iw6v2p3cruy7tqfup3yl4dgt4pfibfa3ai4zgnu5df2q3hus3lm7c7ad.onion", @@ -27354,13 +27616,16 @@ "value": "Diavol" }, { + "description": "TOX: D3404141459BC7206CC4AFEC16A3403F262C0937A732C12644E7CA97F0615201A519F7EAB2E2", "meta": { "links": [ "https://sbc2zv2qnz5vubwtx3aobfpkeao6l4igjegm3xx7tk5suqhjkp5jxtqd.onion/", "https://doq32rjiuomfghm5a4lyf3lwwakt2774tkv4ppsos6ueo5mhx7662gid.onion", "http://sbc2zv2qnz5vubwtx3aobfpkeao6l4igjegm3xx7tk5suqhjkp5jxtqd.onion/", "http://dk4mkfzqai6ure62oukzgtypedmwlfq57yj2fube7j5wsoi6tuia7nyd.onion/index.php?", - "http://qkbbaxiuqqcqb5nox4np4qjcniy2q6m7yeluvj7n5i5dn7pgpcwxwfid.onion/" + "http://qkbbaxiuqqcqb5nox4np4qjcniy2q6m7yeluvj7n5i5dn7pgpcwxwfid.onion/", + "http://ieflygyfoezms2wshjpfyfz4hpyxjcdtxejntysvopd7n7cmmnucbkad.onion", + "http://5zhg2foerm66oqdpmhs52pzfkwqx5rcfhje5j5rltctq5cjs653u3rid.onion" ], "refs": [ "https://www.ransomlook.io/group/donutleaks" @@ -27453,7 +27718,8 @@ "description": "captcha prevents indexing", "meta": { "links": [ - "http://griefcameifmv4hfr3auozmovz5yi6m3h3dwbuqw7baomfxoxz4qteid.onion/" + "http://griefcameifmv4hfr3auozmovz5yi6m3h3dwbuqw7baomfxoxz4qteid.onion/", + "http://payorgz3j6hs2gj66nk6omfw65atgmqwzxqbbxnqi3bv2mlwgcirunad.onion/" ], "refs": [ "https://heimdalsecurity.com/blog/doppelpaymer-gets-a-rebranding", @@ -27509,7 +27775,8 @@ "meta": { "links": [ "http://kf6x3mjeqljqxjznaw65jixin7dpcunfxbbakwuitizytcpzn4iy5bad.onion/board/leak_list/", - "http://7kstc545azxeahkduxmefgwqkrrhq3mzohkzqvrv7aekob7z3iwkqvyd.onion/board/victim_list/" + "http://7kstc545azxeahkduxmefgwqkrrhq3mzohkzqvrv7aekob7z3iwkqvyd.onion/board/victim_list/", + "http://nxx3cy6aee2s53v7v5pxrfv7crfssw7hmgejbj47cv6xuak3bgncllqd.onion/" ], "refs": [ "https://www.ransomlook.io/group/icefire" @@ -27674,7 +27941,24 @@ "http://lbbp2rsfcmg5durpwgs22wxrdngsa4wiwmc4xk6hgmuluy6bvbvvtlid.onion/", "http://lbbov7weoojwnqytnjqygmglkwtim5dvyw3xvoluk5ostz75ofd6enqd.onion/", "http://lockbitapt2d73krlbewgv27tquljgxr33xbwwsp6rkyieto7u4ncead.onion/ec_page3.php", - "http://lockbitfnszjao7hayqsd424m74k5jxc52hozvabjrut7pjfsfaaaoad.onion" + "http://lockbitfnszjao7hayqsd424m74k5jxc52hozvabjrut7pjfsfaaaoad.onion", + "http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion/", + "http://lockbitsupdwon76nzykzblcplixwts4n4zoecugz2bxabtapqvmzqqd.onion/", + "http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion/", + "http://lockbitsupo7vv5vcl3jxpsdviopwvasljqcstym6efhh6oze7c6xjad.onion/", + "http://lockbitsupq3g62dni2f36snrdb4n5qzqvovbtkt5xffw3draxk6gwqd.onion/", + "http://lockbitsupqfyacidr6upt6nhhyipujvaablubuevxj6xy3frthvr3yd.onion/", + "http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion/", + "http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion/", + "http://lockbitsupxcjntihbmat4rrh7ktowips2qzywh6zer5r3xafhviyhqd.onion/", + "http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion/", + "http://lockbitfshjx7xrlafzhohinfu3theolrjakrlxoduwk65d755yahuqd.onion/", + "http://lockbitfsnvvv5dbubfbhb4qo23olw5n3a2pqs72p3yh2g6prkxrhvad.onion/", + "http://lockbitfsxt2gdyz72harnb7qa5qa6sf73bvy7wz65fuiw7vlxarujid.onion/", + "http://lockbitpn4nmflibn4cooh4sydie6bpoy33tbxa3rjebryxc5vblkwyd.onion/", + "http://lockbitpn7doehfdzu3r2orcibdx6njq62aavkr4hgh3p6rednr5gfad.onion/", + "http://lockbitpntsng25yxacx5jqdccvoqd5qtyzzximljfskvtk6ektjhvad.onion/", + "http:// lockbit7ixelt7gn3ynrs3dgqtsom6x6sd2ope4di7bu6e6exyhazeyd.onion/" ], "refs": [ "https://threatpost.com/lockbit-ransomware-proliferates-globally/168746", @@ -27695,12 +27979,14 @@ "value": "Lockbit3" }, { + "description": "", "meta": { "links": [ "http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion", "http://obzuqvr5424kkc4unbq2p2i67ny3zngce3tbdr37nicjqesgqcgomfqd.onion", "http://nclen75pwlgebpxpsqhlcnxsmdvpyrr7ogz36ehhatfmkvakeyden6ad.onion", - "http://mmcbkgua72og66w4jz3qcxkkhefax754pg6iknmtfujvkt2j65ffraad.onion/" + "http://mmcbkgua72og66w4jz3qcxkkhefax754pg6iknmtfujvkt2j65ffraad.onion/", + "http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion" ], "refs": [ "https://www.ransomlook.io/group/lolnek" @@ -27714,7 +28000,8 @@ "meta": { "links": [ "http://rbvuetuneohce3ouxjlbxtimyyxokb4btncxjbo44fbgxqy7tskinwad.onion/", - "http://4qbxi3i2oqmyzxsjg4fwe4aly3xkped52gq5orp6efpkeskvchqe27id.onion/" + "http://4qbxi3i2oqmyzxsjg4fwe4aly3xkped52gq5orp6efpkeskvchqe27id.onion/", + "http://l55ysq5qjpin2vq23ul3gc3h62vp4wvenl7ov6fcn65vir7kc7gb5fyd.onion/" ], "refs": [ "https://www.secureworks.com/research/lv-ransomware", @@ -27729,7 +28016,8 @@ "meta": { "links": [ "http://wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion", - "http://wtyafjyizleuw4yhepmdsrcfjwmtiysunos6ixchw3r5d7eeimw2rrid.onion" + "http://wtyafjyizleuw4yhepmdsrcfjwmtiysunos6ixchw3r5d7eeimw2rrid.onion", + "http://wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin" ], "refs": [ "https://www.ransomlook.io/group/mallox" @@ -27809,7 +28097,10 @@ "http://drfxoorlgu5n4c4uhnfli7saprnl2p46i36duhyehmfp7ysn44e3quid.onion/", "http://t4h4hbkrrbrrfkbf6luhnewykjr52gkdmgfr6hbeeub5t2rcyhb4buad.onion/", "http://yyn3h2lnr5joqebus5syb2p3fzdms7avulvsn3m3gsdvwtgu2ow5c6ad.onion/", - "http://v4httzsp6ri6xcw7lpmdduvhce5avtla3yocfru5suxpgcgo7rw7slyd.onion/" + "http://v4httzsp6ri6xcw7lpmdduvhce5avtla3yocfru5suxpgcgo7rw7slyd.onion/", + "http://myosbja7hixkkjqihsjh6yvmqplz62gr3r4isctjjtu2vm5jg6hsv2ad.onion/chat", + "http://qkbbaxiuqqcqb5nox4np4qjcniy2q6m7yeluvj7n5i5dn7pgpcwxwfid.onion", + "http://monti5o7lvyrpyk26lqofnfvajtyqruwatlfaazgm3zskt3xiktudwid.onion" ], "refs": [ "https://www.ransomlook.io/group/monti" @@ -27846,7 +28137,8 @@ "description": "", "meta": { "links": [ - "http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion" + "http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion", + "http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion/" ], "refs": [ "https://threatpost.com/netwalker-ransomware-suspect-charged/163405", @@ -27961,7 +28253,32 @@ "http://lirncvjfmdhv6samxvvlohfqx7jklfxoxj7xn3fh7qeabs3taemdsdqd.onion", "http://lirncvjfmdhv6samxvvlohfqx7jklfxoxj7xn3fh7qeabs3taemdsdqd.onion/", "http://6yofnrq7evqrtz3tzi3dkbrdovtywd35lx3iqbc5dyh367nrdh4jgfyd.onion/", - "http://nokoleakb76znymx443veg4n6fytx6spck6pc7nkr4dvfuygpub6jsid.onion/" + "http://nokoleakb76znymx443veg4n6fytx6spck6pc7nkr4dvfuygpub6jsid.onion/", + "http://accurfjvcphjtfogx42gpmoobffwqpqzvv2mf7smr6no62fy7ootjnid.onion", + "http://canarodqqttgf2ofv7rkj74jvani7f2ftrbkmuw7zwyydlxikazimyqd.onion", + "http://chattms45un5jmh23dak7udp2vt3dp25rlifqszvrhx2mb2psieyybid.onion", + "http://cnaaiic2skxbhnm35xmh3sohqgulpiyocj7yv7shrw4t34r5bvqbbayd.onion", + "http://comcomtjphtjl5mrtguatt5rgi4hymyrnzpqi6faztwmt6kw5tczqyad.onion", + "http://domaing5xpfmowjeah2z3icrxcbxd6e5mzk5gduohgzijrmm6lr3vxyd.onion", + "http://eperfs2u7bnyzpavtje6ruuwzatpzexdbjejdijgmgbe7wjje7lmkqyd.onion", + "http://frescayge2pa3epoytdocxz2vzagphzmrl6sqxrvrowftso4oqreh3ad.onion", + "http://gaston333sywqydo4mudwjgbeieryqut4trd34kntirejrvwefp4wwyd.onion", + "http://grsrobpx6t7j7eu4zi2xqm6fsrztaoptz4tie5xoamge6c3byeo462qd.onion", + "http://guardxxhqcmyddgikmgmdjpljhgwo7s4p7nnfljo54ogjd5vpu2labid.onion", + "http://hyundaiyo7kxalnkcghqpkfvapevwicis3ytnnue6xqivuvuvi5cnhyd.onion", + "http://mruedu746yv2hnsfxwgglxpqbtlgfu7xwschm7w5cl2okanfjhu6vgad.onion", + "http://modestorxo4s2vkjxo6xyue2lz7zefavtftb44apjojc5qhszq4dqnyd.onion", + "http://msxiy2dutavkdwxbjge2lnut4x7ai4z2xb3ay324tqzxgryrhahbazad.onion", + "http://muaedu3espka2gw5yqopmglslckonkeiduvymfkxjkggvtfqxkqydjqd.onion", + "http://pea3gvx6uyywne2f4dokv5cznsvzcayxsroai2ehozffkd576xfdm5yd.onion", + "http://pueblogmiocdtzj2of5556yzcl7frldcmqztxr6qcirgamzencolyhad.onion", + "http://rcdauehrqqex6pghmphfqz2jpuro2guhyenkolm2wld6bez344cbvmad.onion", + "http://roadiewfshampm6ee56olxymma7iwlhecjgekezmfviua5zv6vkoqzad.onion", + "http://rwavdkltqjoi62kvugd5m576uyn4yrlxcpwril5simavxv7z6xrxrbyd.onion", + "http://sabinwgf7aryxeel2ivx243tzymlsuk2s4lmrqnqn7hug5xecy6ob6ad.onion", + "http://snodfytsyn25r2umgfbygj7gxvul7egr4yx4j4n4yn7nb7crabafzwid.onion", + "http://stockkyjeldgtaj3evbtfb4id7jxnde6qnt6so3ndipcndykgknjlyyd.onion", + "http://wcch72vqgvsgcv4ic3awnonoqgspum6p47m4thum52rbq4fu3ctu6sqd.onion" ], "refs": [ "https://www.ransomlook.io/group/nokoyawa" @@ -28001,7 +28318,8 @@ "description": "Ransomware written in .NET, apparently derived from the codebase of win.hakbit (Thanos) ransomware.", "meta": { "links": [ - "http://promethw27cbrcot.onion/blog/" + "http://promethw27cbrcot.onion/blog/", + "http://promethw27cbrcot.onion/ticket.php?track=" ], "refs": [ "https://therecord.media/decryptor-released-for-prometheus-ransomware-victims", @@ -28023,6 +28341,7 @@ "value": "Prometheus" }, { + "description": "", "meta": { "links": [ "http://ozsxj4hwxub7gio347ac7tyqqozvfioty37skqilzo2oqfs4cw2mgtyd.onion/", @@ -28030,7 +28349,12 @@ "http://wlh3dpptx2gt7nsxcor37a3kiyaiy6qwhdv7o6nl6iuniu5ycze5ydid.onion/blog", "http://kbsqoivihgdmwczmxkbovk7ss2dcynitwhhfu5yw725dboqo5kthfaad.onion/", "https://wikileaksv2.com", - "http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion" + "http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion", + "ftp://dataShare:nX4aJxu3rYUMiLjCMtuJYTKS@85.209.11.49", + "ftp://dataShare:2bTWYKNn7aK7Rqp9mnv3@188.119.66.189", + "https://31.41.244.100/", + "http://ijzn3sicrcy7quixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvad.onion", + "http://kbsqoiyihadmwczmxkbovk7ss2dcynitwhhfu5yw725dbogo5kthfaad.onion" ], "refs": [ "https://www.ransomlook.io/group/qilin" @@ -28183,7 +28507,28 @@ "http://rivdgsucnasob3iiux5j4g4ybqz6flxgx2vz4h6i2wfu42hbbmwwcuqd.onion/", "http://dfhu2iceszxurn7lf5mb5xhainmb7vulpizncjomtn4w5j5cv3pz52qd.onion/", "http://2ntyvlixm5zzhn2zgowgbbu5s6forpttomntefg5dapivr5qwokkyvyd.onion/", - "http://uax2s63op7lboqhuxscjfiwcea4retnus6z2ph33cd44dyqdsyosj6id.onion/" + "http://uax2s63op7lboqhuxscjfiwcea4retnus6z2ph33cd44dyqdsyosj6id.onion/", + "http://w6kf2ktnbzx3hha25snxdwg57ydqdskzcs5tdrdztajb2vn7jk5hzrid.onion/", + "http://vokr3ancppaevval5hwpqpm43szyj7nysfoxqfsrc274jabs5m2227yd.onion/", + "http://mdpkohdcvgyiexi4yihiufdi2wmau5yd6wjr7rituvwntifxuh43deyd.onion/", + "http://iwtkvmhwx7g743ytqj6yiibbb33a3ycezssyn6gai2hny7b2ynez6sad.onion/", + "http://uiecrea6byqjfppofxjcku2rjs6qxeqblnc7ljveopbtd4ih635saiid.onion/", + "http://n7f7ic7islqbyw3vzans3mddgaooirbf4i75tvsfvxjvni7vxanwczad.onion/", + "http://utijlj5t2xamyekjr3ur7vpdnttaqit57fher2nzibih3nqil75jhjyd.onion/", + "http://lc6wrbsdvaayqkhj47bjkj7mfnaiyvsnufmdnkhai6de3uxhu6bssgyd.onion/", + "http://nxml7szv4m3hd6gtjjg62xejyusbbqvmb3thfwaa6wimablrzuk7p3qd.onion/", + "http://jt772jtwpfrluifvz34ti43kfgv6lz7bgiviwopl73slo6a3wetch4yd.onion/", + "http://2xipgq7vsu6d6llgg4tr4wxwdc5tbmmtx3jxfax3kx2dorkcnzsimwqd.onion/", + "http://d7akeguwmrxmrg7tgzx7a73mksq3zpcjjk2c4jibfhmvrhhd6oprsfyd.onion/", + "http://ozokx66qqmtvjbkbkudtfnrfy5euwug2gbekqm6ug42j76knmtzcrkid.onion/", + "http://yj2xh4wxcjncsgj7642jzky7uf4mrjcp6zrcdgxylxbepyvgv4meljqd.onion/", + "http://l2abuimje7jrypvv57p2ihf36rza2etoobyvsddgxqrsssn7tyb7txid.onion/", + "http://43xvcojnfpqlbjxrbuuulyh3xtqrkl3qboi67xxd4jsigmpccbhxcoid.onion/", + "http://6ibv6c5n6orfgzpt4apgqtrbr3ot2ninpbpi6hwolq2lzcgj6lzj4rid.onion/", + "http://kinkwgtp4sfj3tovixjlvsklktjul7v5o55lkf6cgmlnugqlletzsxad.onion/", + "http://k2xhcuvhwh5cyua5vwa4xjeyvyfatzkrh5yn5kc5munvglzge4cod2ad.onion/", + "http://zv7u2tclxajbgae6ba4jkisnkfkts3lk7lxlypmuqktrk42qmo2c7hqd.onion/", + "http://secxrosqawaefsio3biv2dmi2c5yunf3t7ilwf54czq3v4bi7w6mbfad.onion/" ], "refs": [ "https://www.ransomlook.io/group/ransomhouse" @@ -28207,7 +28552,8 @@ { "meta": { "links": [ - "http://relic5zqwemjnu4veilml6prgyedj6phs7de3udhicuq53z37klxm6qd.onion" + "http://relic5zqwemjnu4veilml6prgyedj6phs7de3udhicuq53z37klxm6qd.onion", + "http://chatc46k7dqtvvrgfqjs6vxrwnmudko2ptiqvlb7doqxxqtjc22tsiad.onion/?auth_id=" ], "refs": [ "https://www.ransomlook.io/group/relic" @@ -28217,10 +28563,14 @@ "value": "Relic" }, { + "description": "", "meta": { "links": [ "http://royal2xthig3ou5hd7zsliqagy6yygk2cdelaxtni2fyad6dpmpxedid.onion", - "http://royal4ezp7xrbakkus3oofjw6gszrohpodmdnfbe5e4w3og5sm7vb3qd.onion" + "http://royal4ezp7xrbakkus3oofjw6gszrohpodmdnfbe5e4w3og5sm7vb3qd.onion", + "http://72u5vd67xdff354hhge6wjuvsixxwo3c6bvrdlqstgmjfptpbzwrsmad.onion", + "http://k6s24pz55gtvtzzpg4riv7zb74vts425bl42zrpmice5ud3a65itj6ad.onion/", + "http://yef4xoqj2jq554rqetf2ikmpdtewdlbnx5xrtjtjqaotvfw77ipb6pad.onion/" ], "refs": [ "https://www.ransomlook.io/group/royal" @@ -28272,7 +28622,8 @@ { "meta": { "links": [ - "http://zj2ex44e2b2xi43m2txk4uwi3l55aglsarre7repw7rkfwpj54j46iqd.onion" + "http://zj2ex44e2b2xi43m2txk4uwi3l55aglsarre7repw7rkfwpj54j46iqd.onion", + "http://z33da2c5d6t4ekkv4pxao7znpc2w2m47llzvg76g6xxgyd5wqqmfrtqd.onion" ], "refs": [ "https://www.ransomlook.io/group/sparta" @@ -28382,7 +28733,9 @@ "http://vsociethok6sbprvevl4dlwbqrzyhxcxaqpvcqt5belwvsuxaxsutyad.onion", "http://ml3mjpuhnmse4kjij7ggupenw34755y4uj7t742qf7jg5impt5ulhkid.onion/", "http://ssq4zimieeanazkzc5ld4v5hdibi2nzwzdibfh5n5w4pw5mcik76lzyd.onion/", - "http://wmp2rvrkecyx72i3x7ejhyd3yr6fn5uqo7wfus7cz7qnwr6uzhcbrwad.onion" + "http://wmp2rvrkecyx72i3x7ejhyd3yr6fn5uqo7wfus7cz7qnwr6uzhcbrwad.onion", + "http://xu66gzit6zp22qvixpenlxu2ok7vzrpqvgkuupkiukpz47va47ewbwad.onion", + "http://tahnytazh47jpikpajm2so2jdsjrkx6gfcu4p7bu7u3vfarnpvshgeyd.onion/" ], "refs": [ "https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html", @@ -28480,7 +28833,14 @@ "http://basherq53eniermxovo3bkduw5qqq5bkqcml3qictfmamgvmzovykyqd.onion", "http://basherykagbxoaiaxkgqhmhd5gbmedwb3di4ig3ouovziagosv4n77qd.onion", "http://bashete63b3gcijfofpw6fmn3rwnmyi5aclp55n6awcfbexivexbhyad.onion", - "http://bashex7mokreyoxl6wlswxl4foi7okgs7or7aergnuiockuoq35yt3ad.onion" + "http://bashex7mokreyoxl6wlswxl4foi7okgs7or7aergnuiockuoq35yt3ad.onion", + "http://7bbqrijcds5sgji3kiwo5o5qgxfgoyufykhzfdo6xl3qbdes2e7tdyad.onion", + "http://bashe4aec32kr6zbifwd5x6xgjsmhg4tbowrbx4pneqhc5mqooyifpid.onion", + "http://bashed52orwi7qoyvmcfkdnuaogta4inpojfd6cthzkp4qpsq64ux4ad.onion", + "http://bashedl53memptddxzb4kr5mnkzse4fmhpqeq7jb4srndswar46nofid.onion", + "http://bashefe5uezp2jtxpk24b2pyfnnfyguicgrgqufgu57mfluegotbeayd.onion", + "http://bashei5oy4zvmf2letnupwhgprdkjyssm3zxj2oyr6wfezkf3elehzqd.onion", + "http://qku4reiyfcs2vqq5tow2uprhyqhweo56lrgs6457svr3ej4ton5frkad.onion" ], "refs": [ "https://www.ransomlook.io/group/eraleign (apt73)" @@ -28570,13 +28930,15 @@ "value": "clop torrents" }, { + "description": "", "meta": { "links": [ "https://hunters55rdxciehoqzwv7vgyv6nt37tbwax2reroyzxhou7my5ejyid.onion", "https://hunters33mmcwww7ek7q5ndahul6nmzmrsumfs6aenicbqon6mxfiqyd.onion/login", "https://huntersinternational.net", "http://huntersinternational.su", - "http://hunters55wwmd25ycahnbn5xh45hvtwbmby6ly4p6qee5pughbyrajqd.onion" + "http://hunters55wwmd25ycahnbn5xh45hvtwbmby6ly4p6qee5pughbyrajqd.onion", + "http://hunters33dootzzwybhxyh6xnmumopeoza6u4hkontdqu7awnhmix7ad.onion" ], "refs": [ "https://www.ransomlook.io/group/hunters" @@ -28588,7 +28950,8 @@ { "meta": { "links": [ - "http://33zo6hifw4usofzdnz74fm2zmhd3zsknog5jboqdgblcbwrmpcqzzbid.onion/" + "http://33zo6hifw4usofzdnz74fm2zmhd3zsknog5jboqdgblcbwrmpcqzzbid.onion/", + "http://ybxtfftwy2iwfqjy7fvvcrt5sd55fx3sk2yuztbx3y2dxb4dvqdhsiid.onion" ], "refs": [ "https://www.ransomlook.io/group/red ransomware" @@ -28598,9 +28961,13 @@ "value": "red ransomware" }, { + "description": "", "meta": { "links": [ - "http://mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id.onion/blog" + "http://mydatae2d63il5oaxxangwnid5loq2qmtsol2ozr6vtb7yfm5ypzo6id.onion/blog", + "http://xszpovfd3q52omk5larjf4y7rziov2oee4u4amcm32wwsxc7ublmdtid.onion/", + "http://ot3vo3od2pajc7ymxdk6wimur7j7pgs2agvqlzyculowk3yoxzene2id.onion", + "http://2id7ik6lkd3jjjjlaarr3wckrxidp3bgl2jn5nhqciouk2ehuyakdiqd.onion" ], "refs": [ "https://www.ransomlook.io/group/mydata" @@ -28668,9 +29035,43 @@ "value": "lulzsec muslims" }, { + "description": "", "meta": { "links": [ - "http://cloak7jpvcb73rtx2ff7kaw2kholu7bdiivxpzbhlny4ybz75dpxckqd.onion" + "http://cloak7jpvcb73rtx2ff7kaw2kholu7bdiivxpzbhlny4ybz75dpxckqd.onion", + "http://6mw4yczxeqoiq7rgwnpi75qxsjd5jykuutpatflybodwlckoarhfdlid.onion/", + "http://7puvv4qtcrigzbxshqibkpibzbmrs6thb7s6uf3tisqfp3t2ddpp66id.onion/", + "http://jpef6snenchj3rxgugsozky3i34q66vmcoqy7neyu37xxiwxrad5doid.onion", + "http://glrw7ip5gz2fv2njbiqfvg5uiwavllw5zuixko4yrpj5hta7fjwqpjqd.onion", + "http://vicjwr6abknvcfjomocyb3koloidahc3hidwt5sq2ytwk7yepwfzlsid.onion", + "http://puzhh5aykks65qneqantprbqjt6k5bnigmwqwv6yvkxvkfu4ivva5mid.onion", + "http://piatupks5hai3oafo66xlj2eg2fbzjqy2j7gy3nyhqmnthlrwvrsolad.onion", + "http://necnstpnzuaovjocmiuv7ned7bstczit3kkvotqxl53xo5rfohndlvid.onion", + "http://ey2eak3vq5zbeu4s56m25mm4kvszy2is7gyjs6tsfzmhptbyijkzn2yd.onion", + "http://b53cqorlo7uftd3ymxguwnn7rfoz54ryoojjqxowdsaw2bahvuppntyd.onion", + "http://l3bbtg2p2gp2x43e2nngzkf7ab52k4mef3saowrl6m5notkts7p2vfyd.onion", + "http://vsdp5gqwrunytxw4f6dbxznux66aaewlwyenw3rantba4lwyzbckgfid.onion", + "http://a6gq22ngckken4xksz5ytl66sqeylh45ktke5pnbzfdksw5sfum5lvqd.onion", + "http://nbfxtlikrnicuht5yvvhlujpnh3spzjmek6eujeyck2ws34yytxjdhyd.onion", + "http://ziburuf5kh4phq5i6nmukpke7uruflhlvfexfmjwiwgghapz6ug3ajyd.onion", + "http://am3mzzguimx45wxywpukvwf3gobt3r4bidxzntjpsmqqge4s3vi2vvid.onion", + "http://occwme3xtlnzk3nlhn5ewsgodswrp6pysmmk7kcxqgj4hyiwkhoqcuyd.onion", + "http://qyywpuxysuur4exynwwwhu6nbd2f5vpj3h4tjbltfhwd4blamd4fppqd.onion", + "http://hsn2e745m36crxj2gmnrp432vbsyarhwvq3fgcyus345dp3oqlrltuad.onion", + "http://pbbeck4xcy3jzbu6lv5db3c5n3n44wngmpb5jj3yo4px32mlznziwbid.onion", + "http://hmxt5u75kj5qxqjqhckgaoda6zndgxcazleersyioat4iuq3ldgmkcid.onion", + "http://cii64fki62v2mudocjvgarzlmnpqrfp6xb7korapmdd7qmjpnccgduyd.onion", + "http://jrmayo7rvsx6sbv36djpdge6iwuem67dhccpctera2ykmqr6kplhayad.onion", + "http://ljrswxeei4isir3s5i7xmlzpx6sabmkgd7mvjrimcqwu7rqpn7bdjfad.onion", + "http://qixf7fqw237ikunw4ey22jsc4deltducf6zn4mq4ldyqab3ij3gehlyd.onion", + "http://ztqugnw4upfmd6mu3l6sdz2mfvzxzouhwgqqowyjeedgsmz733dqq2ad.onion", + "http://u66kitj46wmr5onijbbkg7cq45crcs66c563kyqy6klxm5c2nz42ujid.onion", + "http://e7gxrudyx2o733zlernyqqv623wyky5teor5xhnnx2g6dt4vf6jwn2yd.onion", + "http://qx2b2on5phkj4jczfpzfkb5cuhxn7wfqbgdu27pmxyzamoim3jqff6qd.onion", + "http://37izr5yow5d673agew22miyy3inbqncuv7gfp5372yciuzvadqef66yd.onion", + "http://d2wqt4kek62s35hjeankc75nis4zn4e5i6zdtmfkyeevr7fygpf2iiid.onion", + "http://sclj2rax5ljisew3v4msecylzo7iieqw25kcl7io4szei4qcujxixaid.onion", + "http://xyy2fymbdytltylyuicasuvw7vw3gtgm3cvvjskh4jnzfg3gp7dqgnqd.onion" ], "refs": [ "https://www.ransomlook.io/group/cloak" @@ -28684,7 +29085,9 @@ "links": [ "http://basemmnnqwxevlymli5bs36o5ynti55xojzvn246spahniugwkff2pad.onion/", "http://xb6q2aggycmlcrjtbjendcnnwpmmwbosqaugxsqb4nx6cmod3emy7sad.onion", - "http://92.118.36.204/" + "http://92.118.36.204/", + "http://xfycpauc22t5jsmfjcaz2oydrrrfy75zuk6chr32664bsscq4fgyaaqd.onion/", + "http://basemmnnqwxevlymli5bs36o5ynti55xojzvn246spahniugwkff2pad.onion/contact" ], "refs": [ "https://www.ransomlook.io/group/8base" @@ -28694,6 +29097,7 @@ "value": "8base" }, { + "description": "", "meta": { "links": [ "http://noescaperjh3gg6oy7rck57fiefyuzmj7kmvojxgvlmwd5pdzizrb7ad.onion/login", @@ -28723,7 +29127,10 @@ "http://ybo3xr25btxs47nmwykoudoe23nyv6ftkcpjdo4gilfzww4djpurtgid.onion/", "http://k6wtpxwq72gpeil5hqofae7yhbtxphbkyoe2g7rwmpx5sadc4sgsfvid.onion/", "http://vm2rbvfkcqsx2xusltbxziwbsrunjegk6qeywf3bxpjlznq622s3iead.onion/", - "http://ng2gzceugc2df6hp6s7wtg7hpupw37vqkvamaydhagv2qbrswdqlq6ad.onion/" + "http://ng2gzceugc2df6hp6s7wtg7hpupw37vqkvamaydhagv2qbrswdqlq6ad.onion/", + "http://2yxf2ald2c67twt4663piypum2fu6yt4su453naxsdiilpd4m7pgu6qd.onion", + "http://wjdnuogx3mrnnutshrx7nbvjuwqfxnrb32rifaozygwdvs325s75keqd.onion", + "http://wxqhwn52dnzbrtqeywg35jfvzbpwkw7edlxxoil7ag44plraezw5z5id.onion" ], "refs": [ "https://www.ransomlook.io/group/black suit" @@ -28820,7 +29227,9 @@ "http://yuhflx7yjk52jedcrtb3ne235mmykqfwc6jarby7lxxgv26ep7x4qjqd.onion/", "http://zngbsq66uwem4qzyxpqb5rjo2xebnbwdku27nhmquryx6ljnbbedhiad.onion/", "http://ub63kcmphxbm3m64wwhuznbxfap4hlgqtauhnf4rvz23cdnrqr4towid.onion/", - "http://s5v5hvtk3oyxg3m6afgxeuwlasqku3adeosv7kwwjfvhf22vqiwotrqd.onion/" + "http://s5v5hvtk3oyxg3m6afgxeuwlasqku3adeosv7kwwjfvhf22vqiwotrqd.onion/", + "http://jqlcrn2fsfvxlngdq53rqyrwtwfrulup74xyle54bsvo3l2kgpeeijid.onion/", + "http://bgifgvekggqjfqx6x45e24vq7nm6in54rk36fo6jg4qf3yvy6lfisgid.onion/" ], "refs": [ "https://www.ransomlook.io/group/abyss-data" @@ -28830,6 +29239,7 @@ "value": "abyss-data" }, { + "description": "", "meta": { "links": [ "http://cryptr3fmuv4di5uiczofjuypopr63x2gltlsvhur2ump4ebru2xd3yd.onion", @@ -28860,7 +29270,10 @@ "http://rhysidafohrhyy2aszi7bm32tnjat5xri65fopcxkdfxhi4tidsg7cad.onion/", "http://rhysidafohrhyy2aszi7bm32tnjat5xri65fopcxkdfxhi4tidsg7cad.onion/archive.php", "http://rhysidafohrhyy2aszi7bm32tnjat5xri65fopcxkdfxhi4tidsg7cad.onion/archive.php?auction", - "http://rhysidafc6lm7qa2mkiukbezh7zuth3i4wof4mh2audkymscjm6yegad.onion/" + "http://rhysidafc6lm7qa2mkiukbezh7zuth3i4wof4mh2audkymscjm6yegad.onion/", + "http://rhysidaeoxtkejwuheks3a7htk4zn3dfuynt5mqw6oawlcx6kcxjdeyd.onion", + "http://rhysidaiqemmlrvn2jvncdwhkvuiv7s2iu342xnrpeynxoe6r2dtjfyd.onion", + "http://rhysidaqho36b6i6mvpmy5di4ro5zglovtxixrirky6q3fgack7q5uyd.onion" ], "refs": [ "https://www.ransomlook.io/group/rhysida" @@ -28873,7 +29286,8 @@ "description": "", "meta": { "links": [ - "http://j3qxmk6g5sk3zw62i2yhjnwmhm55rfz47fdyfkhaithlpelfjdokdxad.onion/" + "http://j3qxmk6g5sk3zw62i2yhjnwmhm55rfz47fdyfkhaithlpelfjdokdxad.onion/", + "http://c3rb3rnow2alp26exjwlrs7puvftcxqywmpqedlierashbqikyxgg3qd.onion" ], "refs": [ "https://www.ransomlook.io/group/c3rb3r" @@ -28890,7 +29304,8 @@ "http://trigonax2zb3fw34rbaap4cqep76zofxs53zakrdgcxzq6xzt24l5lqd.onion/api", "http://krsbhaxbki6jr4zvwblvkaqzjkircj7cxf46qt3na5o5sj2hpikbupqd.onion", "http://krsbhaxbki6jr4zvwblvkaqzjkircj7cxf46qt3na5o5sj2hpikbupqd.onion/api", - "http://zp6la4xdki3irsenq3t7z7pu2nnaktqgob6aizlzjkdiyw6azjeuhzqd.onion" + "http://zp6la4xdki3irsenq3t7z7pu2nnaktqgob6aizlzjkdiyw6azjeuhzqd.onion", + "http://3x55o3u2b7cjs54eifja5m3ottxntlubhjzt6k6htp5nrocjmsxxh7ad.onion/" ], "refs": [ "https://www.ransomlook.io/group/trigona" @@ -28947,7 +29362,12 @@ "http://62foekhv5humjrfwjdyd2dgextpbf5i7obguhwvfoghmu3nxpkmxlcid.onion/", "http://cx5u7zxbvrfyoj6ughw76oa264ucuuizmmzypwum6ear7pct4yc723qd.onion", "http://hupxs7ps7md24kpz4lwsbra64abgxjx3pcc2wuca5ibawf2g5hlpfyqd.onion", - "http://osintcorp.net" + "http://osintcorp.net", + "http://uyku4o2yg34ekvjtszg6gu7cvjzm6hyszhtu7c55iyuzhpr4k5knewyd.onion/", + "http://5ar4vuckm3k7osdlzskqkaqmqr4jjpmdikuotmlpkrbsxx7ard3xetyd.onion/", + "http://medusakxxtp3uo7vusntvubnytaph4d3amxivbggl3hnhpk2nmus34yd.onion", + "http://s7lmmhlt3iwnwirxvgjidl6omcblvw2rg75txjfduy73kx5brlmiulad.onion", + "http://medusakxxtp3uo7vusntvubnytaph4d3amxivbgg13hnhpk2nmus34yd.onion/227098164ef1fdb119ef537986bbdf24" ], "refs": [ "https://www.ransomlook.io/group/medusa", @@ -28990,6 +29410,7 @@ "value": "malek team" }, { + "description": "", "meta": { "links": [ "http://pa32ymaeu62yo5th5mraikgw5fcvznnsiiwti42carjliarodltmqcqd.onion", @@ -29021,7 +29442,9 @@ "meta": { "links": [ "http://lorenzmlwpzgxq736jzseuterytjueszsvznuibanxomlpkyxk6ksoyd.onion/", - "http://woe2suafeg6ehxivgvvn4nh6ectbdhdqgc4vzph27mmyn7rjf2c52jid.onion" + "http://woe2suafeg6ehxivgvvn4nh6ectbdhdqgc4vzph27mmyn7rjf2c52jid.onion", + "http://lorenzedzyzyjhzxvlcv347n5piltxamo755pzqpozh5l47kj7mxueid.onion/", + "http://lorenzezzwvtk3y24wfph4jpho27grrctqvf6yvld7256rnoz7yg2eid.onion/" ], "refs": [ "https://www.ransomlook.io/group/lorenz", @@ -29040,6 +29463,7 @@ "value": "lorenz" }, { + "description": "", "meta": { "links": [ "http://undgrddapc4reaunnrdrmnagvdelqfvmgycuvilgwb5uxm25sxawaoqd.onion", @@ -29054,10 +29478,12 @@ "value": "team underground" }, { + "description": "", "meta": { "links": [ "http://threeamkelxicjsaf2czjyz2lc4q3ngqkxhhlexyfcp2o6raw4rphyad.onion", - "http://ulkvlj5sirgrbnvb4hvbjo2ex2c2ceqe2j4my57fcdozpbq5h5pyu7id.onion" + "http://ulkvlj5sirgrbnvb4hvbjo2ex2c2ceqe2j4my57fcdozpbq5h5pyu7id.onion", + "http://threeam7fj33rv5twe5ll7gcrp3kkyyt6ez5stssixnuwh4v3csxdwqd.onion/" ], "refs": [ "https://www.ransomlook.io/group/3am" @@ -29081,7 +29507,8 @@ { "meta": { "links": [ - "http://nt3rrzq5hcyznvdkpslvqbbc2jqecqrinhi5jtwoae2x7psqtcb6dcad.onion/" + "http://nt3rrzq5hcyznvdkpslvqbbc2jqecqrinhi5jtwoae2x7psqtcb6dcad.onion/", + "http://wy35mxvqxff4vufq64v4rrahxltn6ry33hjoogydwti6wbqutjaxrvid.onion/clients/chat/" ], "refs": [ "https://www.ransomlook.io/group/cyclops" @@ -29091,6 +29518,7 @@ "value": "cyclops" }, { + "description": "", "meta": { "links": [ "http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog", @@ -29126,7 +29554,25 @@ "http:// http://an2ce4pqpf2ipvba2djurxi5pnxxhu3uo7ackul6eafcundqtly7bhid.onion", "http://fpwwt67hm3mkt6hdavkfyqi42oo3vkaggvjj4kxdr2ivsbzyka5yr2qd.onion", "http://an2ce4pqpf2ipvba2djurxi5pnxxhu3uo7ackul6eafcundqtly7bhid.onion", - "http://xeuvs5poflczn5i5kbynb5rupmidb5zjuza6gaq22uqsdp3jvkjkciqd.onion/" + "http://xeuvs5poflczn5i5kbynb5rupmidb5zjuza6gaq22uqsdp3jvkjkciqd.onion/", + "https://7vy5mydtkf4hqo3g5s4v7skmyn2xdh4mxg3xgtcqnequuospqtsmutqd.onion/", + "http://crylcxzmkllsvq3qgh6gmeg3abqcyliepqza2r57o43gsfwomibq2cyd.onion/", + "http://qa5qvqhtuzlyzrrgc7dkepyj34hb4psf6hk7jmiyn6cef7fxajdleoid.onion/", + "http://ransombgegc4e2vuq45noxekkmauikzt7qu6ab2rqsthdyxdpdufbqid.onion/", + "http://ransomgxjnwmu5ceqwo2jrjssxpoicolmgismfpnslaixg3pgpe5qcad.onion/", + "http://shedjytnmsdgyey7ho7r52leod3plffhe3yjmhyxfxxivnunnmw7coid.onion/", + "http://vqcrizmr7757hjbamfcb7pei2zv462o4ypi2djj4xvy5ax7f2b3c7bad.onion", + "http://davtdavm734bl4hkr3sr4dvfzpdzuzei2zrcor4vte4a3xuok2rxcmyd.onion/", + "http://dd4djzr2ywfcox3zfvpkpyh3b657hsdwpwv5cfkmdfde2lr3fpz6spad.onion/", + "http://cki3klxqycazagx3r5prae3nmfvxmwa34beknr3il4uf76vxd76akqid.onion/", + "http://pod4gkypkd6kykwoht3kioehhpoh4k75ybdfoe6q7hqbphrd77b32jqd.onion/", + "http://445ouvbxlevrxm7phyfr4au3ritat62zl7cwvrarvonrwmququordayd.onion", + "http://nr4jw2reeta2u4n2sq4sejjudllir4yfotzf5d4p3wn2ep6ddomtxxid.onion/", + "http://m52fl4estv4lmcvqhssh7mb7nsygiwe7oybhjhny7iuzrzwulq455eqd.onion", + "http://brclvwefzszko5xrlan7pebyliqdkv5cw75xksrxp772urjytkko5fyd.onion", + "http://rmr2kgq6vzifnyoaz7jaxdx5t6gsxurbakah5bafatsqldtt2mwneyid.onion", + "http://xdg53hbpwshgtbfbm6m7nv3ckkduo3dfdwdearcsvybfb3qaf4v7suyd.onion", + "http://toq7bk6abkr6lapwj3k22ffu4ud5jpox7jbfgzetpz7lxb427katstid.onion" ], "refs": [ "https://www.ransomlook.io/group/ransomhub" @@ -29193,7 +29639,25 @@ "http://ysknyr5m5n3pwg4jnaqsytxea2thwsbca3qipi64vlep42flywx7dgqd.onion", "http://b3pzp6qwelgeygmzn6awkduym6s4gxh6htwxuxeydrziwzlx63zergyd.onion", "http://p2qzf3rfvg4f74v2ambcnr6vniueucitbw6lyupkagsqejtuyak6qrid.onion", - "http://whfsjr35whjtrmmqqeqfxscfq564htdm427mjekic63737xscuayvkad.onion" + "http://whfsjr35whjtrmmqqeqfxscfq564htdm427mjekic63737xscuayvkad.onion", + "http://22rob5wgz7e7fskszzxvsyv4kuoqen62cui4wwoyjtsp22y6oescfhid.onion", + "http://2ebzdvjkfd5j6jjgm5cnxzk5v6c5pyaaylmzluy2h6v7esatqngswjid.onion", + "http://3fyivvhqricced46pa3xg7tzp3cr7zkca4ig7jbetcw7zs5ob7i46hid.onion", + "http://6u4fttcz3utppij47uzvuwuh7twvf35c6j35zbjyaar3l5nuiqg5ocqd.onion", + "http://btdigggok4d4pz6e3gdvj4ghdnmzhwctuff2jnh4gfanaqsd4omj3oqd.onion", + "http://ceyt3r2mcygr5ep3gbjxasj2vjdcb3jxql4ywkjqz6jy3t37gvw7byqd.onion", + "http://courierccomf4pnkbr2t2a5pvpwnbzc67fbnpt6ncbhyqj5opidhpqad.onion", + "http://gyv3gai4l5z5cecfqhnff54iq4ezkd7wbivxei4dobhty5jnbbtxecqd.onion", + "http://lesg437bhmubeh4fas2mgmnllsfgj2mnxvbljv32myzmj2adfctuyaqd.onion", + "http://lolipornqyecnhtrddt54qhayeownl5g6i5yadmwpnmbpek5mo4ks2qd.onion", + "http://pastebitl7cxnftvpyczqh6e6kaeyfdl2sodgeckrsl4idkfp5mqgdid.onion", + "http://qqtncwvlhyw6doanyykioeqit25jajjr7srelr75dgpn2bo3ovdsu3yd.onion", + "http://redchanpj427pbextcjriae5ottv4cka7cdrpghauzrwdwkobxdbpqid.onion", + "http://sa5g7pzkbhkh3tthniumj7cz7ftdx7upengz4iq3mnwubiotrhn63had.onion", + "http://tahgzc6zcq4dxwsdfziwdaljmdbuqegpoh5sfng7xmux6psih3epa4yd.onion", + "http://v3zgtoh5etfeuvhtgdpiejle4mzy7gdvoygildytlxwoay6qvrkixfad.onion", + "http://v5da6357wpzzqccy46ikdwe7zfeayh7kdfbhrpas4eli4w5qx44i4tqd.onion", + "http://wannafwvcfarw5dmjfqv4trxjtut7l4cguoirpennale6offik42a2qd.onion" ], "refs": [ "https://www.ransomlook.io/group/play", @@ -29269,7 +29733,8 @@ { "meta": { "links": [ - "http://ciphbitqyg26jor7eeo6xieyq7reouctefrompp6ogvhqjba7uo4xdid.onion/" + "http://ciphbitqyg26jor7eeo6xieyq7reouctefrompp6ogvhqjba7uo4xdid.onion/", + "http://sonarmsng5vzwqezlvtu2iiwwdn3dxkhotftikhowpfjuzg7p3ca5eid.onion/contact/CiphBit" ], "refs": [ "https://www.ransomlook.io/group/ciphbit" @@ -29285,7 +29750,13 @@ "http://incblog7vmuq7rktic73r4ha4j757m3ptym37tyvifzp2roedyyzzxid.onion", "http://incapt.blog/", "http://incapt.su/blog/leaks", - "http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures" + "http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures", + "http://incpaysp74dphcbjyvg2eepxnl3tkgt5mq5vd4tnjusoissz342bdnad.onion/", + "http://incpaykabjqc2mtdxq6c23nqh4x6m5dkps5fr6vgdkgzp5njssx6qkid.onion/", + "http://incbacg6bfwtrlzwdbqc55gsfl763s3twdtwhp27dzuik6s6rwdcityd.onion", + "http://incbackend.top", + "http://incbackfgm7qa7sioq7r4tdunoaqsvzjg5i7w46bhqlfonwjgiemr7qd.onion", + "http://incbackrlasjesgpfu5brktfjknbqoahe2hhmqfhasc5fb56mtukn4yd.onion" ], "refs": [ "https://www.ransomlook.io/group/inc ransom" @@ -29336,7 +29807,11 @@ "links": [ "http://p66slxmtum2ox4jpayco6ai3qfehd5urgrs4oximjzklxcol264driqd.onion/index.html", "http://nsalewdnfclsowcal6kn5csm4ryqmfpijznxwictukhrgvz2vbmjjjyd.onion/", - "https://5kvv27efetbcqgem4tl7jsolvr3jxkrbmn23rcjzl7kvqycxuao3t4ad.onion/" + "https://5kvv27efetbcqgem4tl7jsolvr3jxkrbmn23rcjzl7kvqycxuao3t4ad.onion/", + "http://p242scyqdujesnozehk4ecfshk6i357cjywv3vzywrera3bndko4pgyd.onion", + "http://r4znrcbthzjclilled5yyrjy35gagoyfwvekiqih7btzrchvqdmgviqd.onion", + "http://sldltcn2d6mgtp66vgmvjptdtwgqyyewsjgwkzjybq3x55plzw4tefid.onion:3452", + "http://zroxb37ghsh2xkwrkfkyz65jmuv6goaltcqxohk4syziahgjv5zou5qd.onion" ], "refs": [ "https://www.ransomlook.io/group/dunghill" @@ -29360,7 +29835,8 @@ { "meta": { "links": [ - "http://crypuglupv3bsqnbt5ruu5lgwrwoaojscwhuoccbmbzmcidft5kiccqd.onion" + "http://crypuglupv3bsqnbt5ruu5lgwrwoaojscwhuoccbmbzmcidft5kiccqd.onion", + "http://basemmnnqwxevlymli5bs36o5ynti55xojzvn246spahniugwkff2pad.onion" ], "refs": [ "https://www.ransomlook.io/group/cryptbb" @@ -29370,10 +29846,14 @@ "value": "cryptbb" }, { + "description": "", "meta": { "links": [ "http://noname2j6zkgnt7ftxsjju5tfd3s45s4i3egq5bqtl72kgum4ldc6qyd.onion", - "https://www.lockbitblog.info/" + "https://www.lockbitblog.info/", + "http://7tkffbh3qiumpfjfq77plcorjmfohmbj6nwq5je6herbpya6kmgoafid.onion/", + "http://lockbitvyq2uedft666b4ezxfvneq36jagpov4shitftjcoro7pjlsqd.onion", + "http://6qubpgkb7vjd6upivya4ll2xvzkx6zdj5bfwfo7qqm4jd3cuv4nwg2id.onion" ], "refs": [ "https://www.ransomlook.io/group/noname" @@ -29386,7 +29866,11 @@ "description": "", "meta": { "links": [ - "http://knight3xppu263m7g4ag3xlit2qxpryjwueobh7vjdc3zrscqlfu3pqd.onion/" + "http://knight3xppu263m7g4ag3xlit2qxpryjwueobh7vjdc3zrscqlfu3pqd.onion/", + "http://3r7zqtidvujbmfhx52sb34u4vwkh66baefmqzlbqpcnwm3krzipy37yd.onion/", + "http://uzfrntnmwojla5v4w3xvpxerjg43kuzqxmtspqhi5qclwtof5ibgonyd.onion", + "http://r6chas4skrvna72fg5ui3cqkke4fnpinsskvlo57aiolrrdb3r777mqd.onion", + "http://vdyummkrwpjg5ufzefpsqlei5jgfulgci42fjraslavxeegsodei2tyd.onion" ], "refs": [ "https://www.ransomlook.io/group/knight" @@ -29429,7 +29913,8 @@ "links": [ "https://ransomed.vc/", "http://k63fo4qmdnl4cbt54sso3g6s5ycw7gf7i6nvxl3wcf3u6la2mlawt5qd.onion", - "http://f6amq3izzsgtna4vw24rpyhy3ofwazlgex2zqdssavevvkklmtudxjad.onion/" + "http://f6amq3izzsgtna4vw24rpyhy3ofwazlgex2zqdssavevvkklmtudxjad.onion/", + "http://g6ocfx3bb3pvdfawbgrbt3fqoht5t6dwc3hfmmueo76hz46qepidnxid.onion" ], "refs": [ "https://www.ransomlook.io/group/ransomed" @@ -29465,7 +29950,29 @@ { "meta": { "links": [ - "http://blogvl7tjyjvsfthobttze52w36wwiz34hrfcmorgvdzb6hikucb7aqd.onion" + "http://blogvl7tjyjvsfthobttze52w36wwiz34hrfcmorgvdzb6hikucb7aqd.onion", + "http://clientcuworpelkdwecucgvfhp5uz5n7uohsnokndrlhm2zkntyg3had.onion/", + "http://6xkylzxoxpd6bnl5ymhr6hysaoe3bsxzxhxpydhv22fmnt6m5zrlpvad.onion/", + "http://l7eupjzxzfbsw7nxu7wu7lj2lzr5ulmyuyd4neyasbdmvzcedal7mmid.onion/", + "http://qyk5o7wcgocwebnymjusnc7siyetwl7po26flw4e6hhg2xiue7brvmid.onion/", + "http://bolfkdkjbdig64ieqixpyhmquuadkm6nzohutbkfwgzftd35kipy45ad.onion/", + "http://742srdwxlwiu75kr3sbf6kzwjcxjwezvpi3s76ignhes3vqacvh3e4ad.onion/", + "http://nhdmgcysxuvvmd4dqwqisxumirvcj6xfhahuds5z7qgj7qlr3i73nnqd.onion/", + "http://jioj2j5k53vrhtdgvjmeijgkdxgwadzjacywnybjvqftbkqpt3oy6cid.onion/", + "http://372bkntomuk4xmevyki2gvpzdsm77xkhp4z6sctugcogqwgpqj4xkjyd.onion/", + "http://vycmr2wn5nqhkpla62mqe4vxh4fgdbc5id4g6piy4mvbjnb4mp4t25yd.onion/", + "http://jg7qeqdbqqordr5tazw5zc7s2h4sk2pt2hx4cxycqrcwr7vtpmreshad.onion/", + "http://lhzaw2b2xn6lmtoioiswufyvjnrghlkmhtvwgsrsjnnmj2ceu56popqd.onion/", + "http://d2vda7sp7rxuizyduwvnvccs3giddkwgglj5ecgrmdpu32grp2txjeqd.onion/", + "http://26kbddrpm2xfjg4unow76xyvrffwh4usqjhsqgalf4h3diiujy75ngqd.onion/", + "http://moze6ryu3ev65tgmssb4sckagkgfzmjtsxg2d6xrjjua2dke5lagcxqd.onion/", + "http://au6l74lej2qvwrvasdyc5ta4g7jdshjwkzbi635g6uztld2n2fcacyad.onion/", + "http://wzu6yixpcohxeeunakzqf42dothwikt3gvtovamxdm6rfl3oe6smywyd.onion/", + "http://p6kxp556kkcbjdjsg24g3edmvr7v7ujecuychw4ibvqhl6wuomnrgbqd.onion/", + "http://z46mj5ihckzwf2ons46ceryjwyxt3ctrqyglmre5uhnipvoepaciulid.onion/", + "http://vkge4tbgo3kfc6n5lgjyvb7abjxp7wdnaumkh6xscyj4dceifieunkad.onion/", + "http://3w3uuz4vze6wdwxrebn3oaavft47xtvghl7qcmpqclgojr44muaigwyd.onion/", + "http://client372kkzvqpgniqp6r5rqkg22yrlhstxiaxskeowp2hrperdelad.onion" ], "refs": [ "https://www.ransomlook.io/group/money message" @@ -29507,7 +30014,8 @@ "https://2nn4b6gihz5bttzabjegune3blwktad2zmy77fwutvvrxxodbufo6qid.onion/", "http://y6kyfs2unbfcyodzjrxadn4w5vyulhyotdi5dtiqulxbduujehupunqd.onion/", "http://embargobe3n5okxyzqphpmk3moinoap2snz5k6765mvtkk7hhi544jid.onion/api/blog/get", - "http://3o5ewrzhqoyodfs5kll4cjxagdfrpuu474panwobm4im7ejfpaux5jyd.onion/" + "http://3o5ewrzhqoyodfs5kll4cjxagdfrpuu474panwobm4im7ejfpaux5jyd.onion/", + "http://7watkqnnuwxvlpgy5gaosgqy67nve3jgpy37xobqngmswz3vuvde56yd.onion" ], "refs": [ "https://www.ransomlook.io/group/embargo" @@ -29520,7 +30028,8 @@ "description": "", "meta": { "links": [ - "http://mdhby62yvvg6sd5jmx5gsyucs7ynb5j45lvvdh4dsymg43puitu7tfid.onion" + "http://mdhby62yvvg6sd5jmx5gsyucs7ynb5j45lvvdh4dsymg43puitu7tfid.onion", + "http://kkvanuf7on5uglvdhihy627w5pxwcmhl6pxik7rwef6y7crt6wj4hjqd.onion/" ], "refs": [ "https://www.ransomlook.io/group/darkvault" @@ -29534,7 +30043,10 @@ "meta": { "links": [ "http://meow6xanhzfci2gbkn3lmbqq7xjjufskkdfocqdngt3ltvzgqpsg5mid.onion/", - "http://totos7fquprkecvcsl2jwy72v32glgkp2ejeqlnx5ynnxvbebgnletqd.onion" + "http://totos7fquprkecvcsl2jwy72v32glgkp2ejeqlnx5ynnxvbebgnletqd.onion", + "http://ikjht3url3tvx6itf2eghtrmwlmjfywz63ymnxghwwyhflcxnqffhvid.onion", + "http://mops6j3iuepvarl7ackf2itjkt4in3xkcbupnhy656byx6m6hnxkbgid.onion", + "http://meowthxcf4tm3rujk4bsjaoxd2ghmjx7vi342hz6zdu3lfyeykmc4wqd.onion" ], "refs": [ "https://www.ransomlook.io/group/meow" @@ -29544,6 +30056,7 @@ "value": "meow" }, { + "description": "", "meta": { "links": [ "https://apos.blog", @@ -29563,7 +30076,8 @@ "links": [ "http://dataleakypypu7uwblm5kttv726l3iripago6p336xjnbstkjwrlnlid.onion/", "http://panelqbinglxczi2gqkwderfvgq6bcv5cbjwxrksjtvr5xv7ozh5wqad.onion", - "http://panelqbinglxczi2gqkwderfvgq6bcv5cbjwxrksjtvr5xv7ozh5wqad.onion/Url=4094dd92-0f91-4699-8328-fdb7070a8230" + "http://panelqbinglxczi2gqkwderfvgq6bcv5cbjwxrksjtvr5xv7ozh5wqad.onion/Url=4094dd92-0f91-4699-8328-fdb7070a8230", + "http://panela3eefdzfzxzxcshfnbustdprtlhlbe3x2fqomdz7t33iqtzvjyd.onion/" ], "refs": [ "https://www.ransomlook.io/group/el dorado" @@ -29599,11 +30113,13 @@ "value": "risen" }, { + "description": "", "meta": { "links": [ "https://xql562evsy7njcsngacphc2erzjfecwotdkobn3m4uxu2gtqh26newid.onion/", "http://xbkv2qey6u3gd3qxcojynrt4h5sgrhkar6whuo74wo63hijnn677jnyd.onion", - "http://xbkv2qey6u3gd3qxcojynrt4h5sgrhkar6whuo74wo63hijnn677jnyd.onion/posts" + "http://xbkv2qey6u3gd3qxcojynrt4h5sgrhkar6whuo74wo63hijnn677jnyd.onion/posts", + "http://hlbqbuy2bo3onn6h6eq7pbci24kughiaw4rkxrewidnqma3hwwgt2ead.onion" ], "refs": [ "https://www.ransomlook.io/group/fog" @@ -29628,7 +30144,8 @@ { "meta": { "links": [ - "http://gmixcebhni6c3kcf5m7xxybomaphj7pizoqtxiqmrz5wsh6g6x5s2wqd.onion/" + "http://gmixcebhni6c3kcf5m7xxybomaphj7pizoqtxiqmrz5wsh6g6x5s2wqd.onion/", + "http://ppzmaodrgtg7r6zcputdlaqfliubmmjpo4u56l3ayckut3nyvw6dyayd.onion/" ], "refs": [ "https://www.ransomlook.io/group/sensayq" @@ -29655,7 +30172,9 @@ "meta": { "links": [ "http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion/", - "http://vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion/" + "http://vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion/", + "http://cuuhrxbg52c5agytmtjpwfu7mrs4xtaitc4mukkiy2kqdxeqbcmuhaid.onion/", + "http://p6wmotxzvg34tdmpwm4beqgrcyp5iys43snkccsahnw74la3k3xx6pad.onion" ], "refs": [ "https://www.ransomlook.io/group/brain cipher" @@ -29677,10 +30196,12 @@ "value": "synapse" }, { + "description": "", "meta": { "links": [ "http://cicadabv7vicyvgz5khl7v2x5yygcgow7ryy6yppwmxii4eoobdaztqd.onion/", - "http://cicadacnft7gcgnveb7wjm6pjpjcjcsugogmlrat7u7pcel3iwb7bhyd.onion/" + "http://cicadacnft7gcgnveb7wjm6pjpjcjcsugogmlrat7u7pcel3iwb7bhyd.onion/", + "http://cicadaxousmk6nbntd3ucxefmfgt2drhtfdvh7gmdeh3ttvudam6f2ad.onion" ], "refs": [ "https://www.ransomlook.io/group/cicada3301" @@ -29795,7 +30316,9 @@ { "meta": { "links": [ - "http://z6vidveub2ypo3d3x7omsmcxqwxkkmvn5y3paoufyd2tt4bfbkg33kid.onion" + "http://z6vidveub2ypo3d3x7omsmcxqwxkkmvn5y3paoufyd2tt4bfbkg33kid.onion", + "http://ebljej7okwfnx5hdfikqqt2uqehihqv3yns3ziij5clqpklwb3i2cxad.onion/", + "http://7wa2bi6grhbu4opt5bguga4g63jsxiy3ysfbabh7dbyk3niqxlsburad.onion/" ], "refs": [ "https://www.ransomlook.io/group/chilelocker" @@ -29874,7 +30397,17 @@ "http://lynxblogoxllth4b46cfwlop5pfj4s7dyv37yuy7qn2ftan6gd72hsad.onion", "http://lynxblogtwatfsrwj3oatpejwxk5bngqcd5f7s26iskagfu7ouaomjad.onion", "http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion", - "http://lynxstorage1.net/" + "http://lynxstorage1.net/", + "http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks", + "http://lynxblogco7r37jt7p5wrmfxzqze7ghxw6rihzkqc455qluacwotciyd.onion/leaks", + "http://lynxblogijy4jfoblgix2klxmkbgee4leoeuge7qt4fpfkj4zbi2sjyd.onion/leaks", + "http://lynxblogmx3rbiwg3rpj4nds25hjsnrwkpxt5gaznetfikz4gz2csyad.onion/leaks", + "http://lynxblogoxllth4b46cfwlop5pfj4s7dyv37yuy7qn2ftan6gd72hsad.onion/leaks", + "http://lynxblogtwatfsrwj3oatpejwxk5bngqcd5f7s26iskagfu7ouaomjad.onion/leaks", + "http://lynxblogxutufossaeawlij3j3uikaloll5ko6grzhkwdclrjngrfoid.onion/leaks", + "http://lynxchatfw4rgsclp4567i4llkqjr2kltaumwwobxdik3qa2oorrknad.onion/", + "http://lynxba5y5juv3c4de2bftamjkbxvcuujr5c5wn4hq2fwmt66pxb7qqad.onion", + "http://lynxchat.net" ], "refs": [ "https://www.ransomlook.io/group/lynx" @@ -29886,7 +30419,8 @@ { "meta": { "links": [ - "http://nv4addu4insb7x6aagdv6r5gvxzczgfje7mmecsjonnrvsq7ulevvfid.onion" + "http://nv4addu4insb7x6aagdv6r5gvxzczgfje7mmecsjonnrvsq7ulevvfid.onion", + "http://3wugtklp46ufx7dnr6j5cd6ate7wnvnivsyvwuni7hqcqt7hm5r72nid.onion/" ], "refs": [ "https://www.ransomlook.io/group/rtm locker" @@ -29911,7 +30445,9 @@ "meta": { "links": [ "http://onyxcgfg4pjevvp5h34zvhaj45kbft3dg5r33j5vu3nyp7xic3vrzvad.onion/", - "http://onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion" + "http://onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion", + "http://www.helldown.org", + "http://onyxcb44xvqra35m3lp3z26kf2pxrlbn64nbzvyvzjyc3uykzrwcjdid.onion" ], "refs": [ "https://www.ransomlook.io/group/helldown" @@ -29982,6 +30518,7 @@ "value": "embrago" }, { + "description": "", "meta": { "links": [ "http://nitrogenczslprh3xyw6lh5xyjvmsz7ciljoqxxknd7uymkfetfhgvqd.onion", @@ -29992,7 +30529,13 @@ "http://67hvtslok5a4cwjxfmidbgbunsvckypf2dwkpxg3y2sabar5b4jidmyd.onion/", "http://sqnnhgqr4iiwnkaih6vspyxmebz2vvjv3uybmjdynw6sne5plilunhyd.onion/", "http://z4tonbkjybcllsvd45smpkqkk5uaspmlnvmysrkxt37wuudijvp7k2id.onion", - "http://awrfq7pjydfp3hwbsun6ltxrrzths5ztgxj7i7ybx7twjrdvzvxkgwad.onion" + "http://awrfq7pjydfp3hwbsun6ltxrrzths5ztgxj7i7ybx7twjrdvzvxkgwad.onion", + "http://vkl3xfkp2vtpdzk7ohock3w2oiwwtvgnwbwvurrqafh5nhw23h43dbid.onion/", + "http://wjwbqeuni4zslbm4cduvo7uwyo653k4gdx2x4irj4zkrwyerksdcxryd.onion/", + "http://whdoefodpz4jjpwr5imipdntkh6kdbjazhx2zvdhcbmrtuxs6f3iwnid.onion/", + "http://6stzturcvnli6ilm6f6vweiymchi6lboc62u7ive2q7hn5hbbbauvgid.onion/", + "http://6blfnoe24tfpal2kmacphkjmzph3oghjdznsgkf23lmvjqbtgrmedpid.onion/", + "http://5xmd7pwpk4flmz5o2hbyndpkles5klmwbpxbw4jitzjnbhn4wkdktvad.onion/" ], "refs": [ "https://www.ransomlook.io/group/nitrogen" @@ -30032,7 +30575,12 @@ "http://twm7i3mxyydc2ew5ppbmjiz6rzww7ze32t2ecmznnsywdccwatzjxead.onion/", "http://qysbb5qdwpxsimtrsbehqc75q4b2lw6m4imtnswgmbsq2mw4ulvxevqd.onion/", "http://fbrmzvj2c6a5soanvuw3qi4dpnt3rcgte32nae4qegd4vqpnjtrwbqid.onion/", - "http://6v3lslpnsfae4rfghnl473u4hp7j6yyu74pipyks54norp4filkzjgid.onion/" + "http://6v3lslpnsfae4rfghnl473u4hp7j6yyu74pipyks54norp4filkzjgid.onion/", + "http://l2atrqqwpmgdr4vzae7ufgulirsklfk4xmierg4ihdxborjkpyuz5lyd.onion/", + "http://yry66r4til42vxubkqpy5wo75mshv7pcaqtbg4rzl55bs55yzav73uyd.onion/", + "http://7h422j3rpt7dxoeijbzn6xo7t43dmaisl5t44mcsf6ulbj3weg6doqyd.onion/", + "http://4x2dnydjwfpa4zgutwqaeqxd7tmdz452ttvvq5pga5eqgppi2uu5chyd.onion/", + "http://ufwlfce4qkiqsda7e2mhaibgyyi6jfjhu55j7uoq6bh3kmue7pc34iid.onion/" ], "refs": [ "https://www.ransomlook.io/group/sarcoma" @@ -30042,11 +30590,28 @@ "value": "sarcoma" }, { + "description": "", "meta": { "links": [ "http://ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion/", "http://ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion/leaks.php", - "http://zmqolc6yrdgn24w7eaaf4pfm235x65zbeggr4byk7og3crhcwn7sqeyd.onion" + "http://zmqolc6yrdgn24w7eaaf4pfm235x65zbeggr4byk7og3crhcwn7sqeyd.onion", + "http://4awnzgndu5u3bb6vne2vixizdftkc4mdlz45lnrhjgelzm5ujywxmuqd.onion/index.php?p=", + "http://hp4fxytyky26q3kpgqlhewhrazaag5wg4jsaiwxlv3lkd7r7rmsamqyd.onion/index.php?p=", + "http://soqdfmnocwg47ixineyzlhyem5tx3fju4hadydwob7fk4oyldxhju4ad.onion/index.php?p=", + "http://sya5wcoyib7rozq6cjrdmrrunucqehkuzxs6rkrkffukkn5urq6bv7yd.onion/index.php?p=", + "http://4ep4zkhqqg3kihqlbpsppld4qvg7c7llotilezqr6evbazqbmcwu6fyd.onion/index.php?p=", + "http://hsthebgwlp6xxnhgmvmgukyzxuyaqkx5uqncg56wib7byonddo5k6myd.onion/index.php?p=", + "http://z7yjie5fejolxvscc3lralybnhynajewnqinjfdasoqa2mt2ixjnelqd.onion/index.php?p=", + "http://ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion/support/step.php", + "http://53pkw34sr5aohkkpg4w3nz4wpsqod5mxdqer3hijrz2btv2pe3vncgad.onion", + "http://74yeft3x7wvqnscbzfdljnvnmflnlib2b6mhu6a3arc3vvpi4qbrt2qd.onion", + "http://7baltffgfltbjh26fd62h2ieeomdcpro44xwkdqipbn5dtuklgkigkyd.onion", + "http://fkdhvlseh3xyeugsu54frnui62zjrfpeb2v5rm44b53iopcr3h4flxyd.onion", + "http://hmrr2zllzzxxrdqi5ktjflpga4skdnxm4wvzgkkl72apofvczmsno2ad.onion", + "http://hvhidyqcyj4dozqdxuongpcs2yffjs2ojhazrncqi5cr4hhx3ljopiqd.onion", + "http://sjd7ssbiptl62jktrwc5yffsh4llljx7hswfltnfkttq47gdjlpknxid.onion", + "http://zmdmlidqqrxbkyqkqttbsbticjbofjs5uzwecqvdxfadvsjw7mp5kjyd.onion" ], "refs": [ "https://www.ransomlook.io/group/interlock" @@ -30058,7 +30623,8 @@ { "meta": { "links": [ - "http://vlofmq2u3f5amxmnblvxaghy73aedwta74fyceywr6eeguw3cn6h6uad.onion/" + "http://vlofmq2u3f5amxmnblvxaghy73aedwta74fyceywr6eeguw3cn6h6uad.onion/", + "http://ovcbyl77wplz67mdcilq6yq67eg56milg3xjehoiklbxrs4mondbklyd.onion/" ], "refs": [ "https://www.ransomlook.io/group/playboy" @@ -30068,10 +30634,12 @@ "value": "playboy" }, { + "description": "", "meta": { "links": [ "http://hellcakbszllztlyqbjzwcbdhfrodx55wq77kmftp4bhnhsnn5r3odad.onion", - "http://r7i4vprxr2vznmhnnxj36264ofwx6extopdz535f5v357nqacifymbad.onion/" + "http://r7i4vprxr2vznmhnnxj36264ofwx6extopdz535f5v357nqacifymbad.onion/", + "http://hellcat.rw" ], "refs": [ "https://www.ransomlook.io/group/hellcat" @@ -30108,7 +30676,8 @@ { "meta": { "links": [ - "http://nerqnacjmdy3obvevyol7qhazkwkv57dwqvye5v46k5bcujtfa6sduad.onion" + "http://nerqnacjmdy3obvevyol7qhazkwkv57dwqvye5v46k5bcujtfa6sduad.onion", + "http://dwgxeoaqykd3zdkhol5xpgsqabp4lys4ea7qpl3f2b75b2sdsex644id.onion/files/" ], "refs": [ "https://www.ransomlook.io/group/kairos" @@ -30132,7 +30701,10 @@ { "description": "", "meta": { - "links": [], + "links": [ + "http://jbmk7h6xlkedn2gg5yi76zca6y3jgdlp5wchlsrd7735tlnrmmvqe5ad.onion/", + "http://4xi5jklauqmjfkwxhs2a6q2d26v2465zfnccacqpz75exv2kzu5aeiad.onion:18080/chat/startchat" + ], "refs": [ "https://www.ransomlook.io/group/argonauts group" ] @@ -30143,7 +30715,8 @@ { "meta": { "links": [ - "http://termiteuslbumdge2zmfmfcsrvmvsfe4gvyudc5j6cdnisnhtftvokid.onion" + "http://termiteuslbumdge2zmfmfcsrvmvsfe4gvyudc5j6cdnisnhtftvokid.onion", + "http://pqw3hepvky2pgyyv6dupvx47cm2gxzwop6dfei3i67dj76tdj6alplqd.onion/" ], "refs": [ "https://www.ransomlook.io/group/termite" @@ -30166,7 +30739,204 @@ }, "uuid": "156a6b97-c64f-5742-a530-ea8415c746e3", "value": "safepay" + }, + { + "meta": { + "links": [], + "refs": [ + "https://www.ransomlook.io/group/invaderx" + ] + }, + "uuid": "5d02020f-fc46-5cd5-9df7-626a39cb3da5", + "value": "invaderx" + }, + { + "meta": { + "links": [], + "refs": [ + "https://www.ransomlook.io/group/beast" + ] + }, + "uuid": "b2a53d9c-cd15-5bb6-a7dc-bb11e3e36fd8", + "value": "beast" + }, + { + "meta": { + "links": [ + "http://xir242nunyist4d7ksfnfmhnjx4gvqbuzo7eax4o3abqjesbxjshh4qd.onion/" + ], + "refs": [ + "https://www.ransomlook.io/group/tommyleaks" + ] + }, + "uuid": "24d60b07-a86b-5adc-8429-e187b52b3e04", + "value": "tommyleaks" + }, + { + "meta": { + "links": [ + "http://gwisin4yznpdtzq424i3la6oqy5evublod4zbhddzuxcnr34kgfokwad.onion/" + ], + "refs": [ + "https://www.ransomlook.io/group/gwisin" + ] + }, + "uuid": "179c08be-e9aa-502f-bff9-3059f05654a2", + "value": "gwisin" + }, + { + "meta": { + "links": [ + "http://luckbit53sdne5yd5vdekadhwnbzjyqlbjkc4g33hs6faphfkvivaeid.onion/" + ], + "refs": [ + "https://www.ransomlook.io/group/luckbit" + ] + }, + "uuid": "e313d35e-d12a-533f-82fa-0c1ba10315c6", + "value": "luckbit" + }, + { + "meta": { + "links": [ + "http://ohmva4gbywokzqso.onion/", + "http://tmc2ybfqzgkaeilm.onion" + ], + "refs": [ + "https://www.ransomlook.io/group/ctblocker" + ] + }, + "uuid": "7efacd48-a8ce-5826-ab91-4c26c1c1bad8", + "value": "ctblocker" + }, + { + "meta": { + "links": [ + "http://decryptjhpol6zezc72xb2mofmi6o7xlvacnrpbuiczz2sz5ljurg4id.onion/chat", + "http://decryptrrx2fojgfcof3aesrklj5obq7nmizyokq7ohzqxtwfcvtmwad.onion/chat" + ], + "refs": [ + "https://www.ransomlook.io/group/krypt" + ] + }, + "uuid": "6ec1ee9c-12cf-53cc-b651-a01403c3358e", + "value": "krypt" + }, + { + "description": ".help_restoremydata\r
ext : .help_restoremydata\r
note : HOW_TO_RECOVERY_FILES.html\r
mail : help@restoremydata.pw\r
md5 : b1e8b6c2b65d51893bbe61d46cbdb4af", + "meta": { + "links": [ + "http://gzdn6yjvmrujiqzz4wwuykrta7jtkv2fupb7aozwx7yxnxhj737v2qad.onion/" + ], + "refs": [ + "https://www.ransomlook.io/group/help_restoremydata" + ] + }, + "uuid": "671df985-34a7-508d-b009-f9b12ad17fc0", + "value": "help_restoremydata" + }, + { + "description": "", + "meta": { + "links": [ + "http://zu3wfrmrkl4ltqqnpt3owp3cwa33rqwod4gpe3ttb5o4vf2is2gzm6qd.onion/" + ], + "refs": [ + "https://www.ransomlook.io/group/bluebox" + ] + }, + "uuid": "74ffe164-6ccb-5f3a-8d13-380d9c8172e4", + "value": "bluebox" + }, + { + "meta": { + "links": [ + "http://business-data-leaks.com", + "http://ep6pheij.com/" + ], + "refs": [ + "https://www.ransomlook.io/group/leakeddata" + ] + }, + "uuid": "e7460886-41f4-518d-a0b0-c3fd248ce512", + "value": "leakeddata" + }, + { + "meta": { + "links": [ + "http://cwybfdfhstmmoaxmnz4os7qxdcomnp5qleslqb55vt24vh3kmyl6jmad.onion/" + ], + "refs": [ + "https://www.ransomlook.io/group/toxic" + ] + }, + "uuid": "9276c81d-4a28-5b0e-9130-989a51440465", + "value": "toxic" + }, + { + "description": ".crYpt \r
MD5: 54EFAC23D7B524D56BEDBCE887E11849\r
\r
Babuk Variant", + "meta": { + "links": [ + "https://lhwhi2kmewfas6tk47psgvqyluz5iwgdll5g6jyknq6rvxxg6soqooqd.onion/" + ], + "refs": [ + "https://www.ransomlook.io/group/crypt ransomware" + ] + }, + "uuid": "334e8177-8c01-501d-a99a-9ab481c1ce15", + "value": "crypt ransomware" + }, + { + "meta": { + "links": [ + "http://weaxorpemwzoxg5cdvvfd77p3qczkxqii37ww4foo2n4jcft3mytbpyd.onion/" + ], + "refs": [ + "https://www.ransomlook.io/group/weaxor" + ] + }, + "uuid": "7402729e-e23f-549d-bff0-1f64ea104946", + "value": "weaxor" + }, + { + "meta": { + "links": [ + "http://pnanlicgxkku2aonwsg2fwid3maycsso7joqnzp66wkfemzdk7ahsdid.onion/" + ], + "refs": [ + "https://www.ransomlook.io/group/schoolboys" + ] + }, + "uuid": "a38a03d0-19bd-547b-9fd1-2a7bd1e996d5", + "value": "schoolboys" + }, + { + "meta": { + "links": [ + "http://pg3n5bteiatjf6rt7oa4xhzo4sj736rifjmk4gtowxjljuwwdv6mccyd.onion/" + ], + "refs": [ + "https://www.ransomlook.io/group/dataf locker" + ] + }, + "uuid": "d9b496e0-7bf1-5b50-b7fc-4ed921ea243f", + "value": "dataf locker" + }, + { + "description": "", + "meta": { + "links": [ + "http://7ixfdvqb4eaju5lzj4gg76kwlrxg4ugqpuog5oqkkmgfyn33h527oyyd.onion/", + "http://pke2vht5jdeninupk7i2thcfvxegsue6oraswpka35breuj7xxz2erid.onion/", + "http://ykqjcrptcai76ru5u7jhvspkeizfsvpgovton4jmreawj4zdwe4qnlid.onion/" + ], + "refs": [ + "https://www.ransomlook.io/group/funksec" + ] + }, + "uuid": "132896fc-2758-5384-9bdf-925a7f53c5ff", + "value": "funksec" } ], - "version": 139 + "version": 140 }