[ { "name": [ ".CryptoHasYou." ], "extensions": ".enc", "extensionPattern": "", "ransomNoteFilenames": " YOUR_FILES_ARE_LOCKED.txt", "comment": "", "encryptionAlgorithm": "AES(256)", "decryptor": "", "resources": [ "http://www.nyxbone.com/malware/CryptoHasYou.html" ], "screenshots": "", "microsoftDetectionName": "Trojan:Win32/Dynamer!ac", "microsoftInfo": "https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FDynamer!ac", "sandbox": "https://www.hybrid-analysis.com/sample/afd3394fb538b36d20085504b86000ea3969e0ae5da8e0c058801020ec8da67c?environmentId=4", "iocs": "https://otx.alienvault.com/pulse/57180b18c1492d015c14bed8/", "snort": "" }, { "name": [ "777", "Sevleg" ], "extensions": ".777", "extensionPattern": "._[timestamp]_$[email]$.777\ne.g. [email protected]$.777", "ransomNoteFilenames": "read_this_file.txt", "comment": "", "encryptionAlgorithm": "XOR", "decryptor": "", "resources": [ "https://decrypter.emsisoft.com/777" ], "screenshots": "", "microsoftDetectionName": "Ransom:Win32/Empercrypt.A", "microsoftInfo": "https://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Ransom:Win32/Empercrypt.A", "sandbox": "https://www.hybrid-analysis.com/sample/2955d081ed9bca764f5037728125a7487f29925956f3095c58035919d50290b5?environmentId=4", "iocs": "https://otx.alienvault.com/pulse/573b02701116a040ceccdd85/", "snort": "" }, { "name": [ "7ev3n", "7ev3n-HONE$T" ], "extensions": ".R4A\n.R5A", "extensionPattern": "", "ransomNoteFilenames": "FILES_BACK.txt", "comment": "", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://github.com/hasherezade/malware_analysis/tree/master/7ev3n\nhttps://www.youtube.com/watch?v=RDNbH5HDO1E&feature=youtu.be", "http://www.nyxbone.com/malware/7ev3n-HONE$T.html\n" ], "screenshots": "", "microsoftDetectionName": "", "microsoftInfo": "", "sandbox": "", "iocs": "https://otx.alienvault.com/pulse/57180dbf0ebaa4015af21166/", "snort": "" }, { "name": [ "7h9r" ], "extensions": ".7h9r", "extensionPattern": "", "ransomNoteFilenames": "README_.TXT", "comment": "", "encryptionAlgorithm": "AES", "decryptor": "", "resources": [ "http://www.nyxbone.com/malware/7h9r.html" ], "screenshots": "" }, { "name": [ "8lock8" ], "extensions": ".8lock8", "extensionPattern": "", "ransomNoteFilenames": "READ_IT.txt", "comment": "Based on HiddenTear", "encryptionAlgorithm": "AES(256)", "decryptor": "", "resources": [ "http://www.bleepingcomputer.com/forums/t/614025/8lock8-help-support-topic-8lock8-read-ittxt/" ], "screenshots": "", "microsoftDetectionName": "", "microsoftInfo": "", "sandbox": "https://www.hybrid-analysis.com/sample/90256220a513536b2a09520a1abb9b0f62efc89b873c645d3fd4a1f3ebed332d?environmentId=4", "iocs": "https://www.hybrid-analysis.com/sample/d572a7d7254846adb73aebc3f7891398e513bdac9aac06231991e07e7b55fac8?environmentId=4", "snort": "" }, { "name": [ "AiraCrop" ], "extensions": "._AiraCropEncrypted", "extensionPattern": "", "ransomNoteFilenames": "How to decrypt your files.txt", "comment": "related to TeamXRat", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://twitter.com/PolarToffee/status/796079699478900736" ], "screenshots": "" }, { "name": [ "Al-Namrood" ], "extensions": ".unavailable\n.disappeared", "extensionPattern": "", "ransomNoteFilenames": "Read_Me.Txt", "comment": "", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://decrypter.emsisoft.com/al-namrood" ], "screenshots": "" }, { "name": [ "Alcatraz Locker" ], "extensions": ".Alcatraz", "extensionPattern": "", "ransomNoteFilenames": "ransomed.html", "comment": "", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://twitter.com/PolarToffee/status/792796055020642304" ], "screenshots": "" }, { "name": [ "ALFA Ransomware" ], "extensions": ".bin", "extensionPattern": "", "ransomNoteFilenames": "README HOW TO DECRYPT YOUR FILES.HTML", "comment": "Made by creators of Cerber", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "http://www.bleepingcomputer.com/news/security/new-alfa-or-alpha-ransomware-from-the-same-devs-as-cerber/" ], "screenshots": "" }, { "name": [ "Alma Ransomware" ], "extensions": "random", "extensionPattern": "random(x5)", "ransomNoteFilenames": "Unlock_files_randomx5.html", "comment": "", "encryptionAlgorithm": "AES(128)", "decryptor": "", "resources": [ "https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=d4173312-989b-4721-ad00-8308fff353b3&placement_guid=22f2fe97-c748-4d6a-9e1e-ba3fb1060abe&portal_id=326665&redirect_url=APefjpGnqFjmP_xzeUZ1Y55ovglY1y1ch7CgMDLit5GTHcW9N0ztpnIE-ZReqqv8MDj687_4Joou7Cd2rSx8-De8uhFQAD_Len9QpT7Xvu8neW5drkdtTPV7hAaou0osAi2O61dizFXibewmpO60UUCd5OazCGz1V6yT_3UFMgL0x9S1VeOvoL_ucuER8g2H3f1EfbtYBw5QFWeUmrjk-9dGzOGspyn303k9XagBtF3SSX4YWSyuEs03Vq7Fxb04KkyKc4GJx-igK98Qta8iMafUam8ikg8XKPkob0FK6Pe-wRZ0QVWIIkM&hsutk=34612af1cd87864cf7162095872571d1&utm_referrer=https%3A%2F%2Finfo.phishlabs.com%2Fblog%2Falma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypter&canon=https%3A%2F%2Finfo.phishlabs.com%2Fblog%2Falma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypter&__hstc=61627571.34612af1cd87864cf7162095872571d1.1472135921345.1472140656779.1472593507113.3&__hssc=61627571.1.1472593507113&__hsfp=1114323283", "https://info.phishlabs.com/blog/alma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypter" ], "screenshots": "http://www.bleepingcomputer.com/news/security/new-alma-locker-ransomware-being-distributed-via-the-rig-exploit-kit/", "microsoftDetectionName": "", "microsoftInfo": "", "sandbox": "", "iocs": "https://otx.alienvault.com/browse?q=Alma+Ransomware", "snort": "" }, { "name": [ "Alpha Ransomware", "AlphaLocker" ], "extensions": ".encrypt", "extensionPattern": "", "ransomNoteFilenames": "Read Me (How Decrypt) !!!!.txt", "comment": "", "encryptionAlgorithm": "AES(256)", "decryptor": "", "resources": [ "http://download.bleepingcomputer.com/demonslay335/AlphaDecrypter.zip", "http://www.bleepingcomputer.com/news/security/decrypted-alpha-ransomware-continues-the-trend-of-accepting-amazon-cards/" ], "screenshots": "https://twitter.com/malwarebread/status/804714048499621888" }, { "name": [ "Alphabet" ], "extensions": "", "extensionPattern": "", "ransomNoteFilenames": "", "comment": "Doesn't encrypt any files / provides you the key", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://twitter.com/PolarToffee/status/812331918633172992" ], "screenshots": "" }, { "name": [ "AMBA" ], "extensions": ".amba", "extensionPattern": "", "ransomNoteFilenames": "\u041f\u0420\u041e\u0427\u0422\u0418_\u041c\u0415\u041d\u042f.txt\nREAD_ME.txt", "comment": "Websites only\[email protected]", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://twitter.com/benkow_/status/747813034006020096" ], "screenshots": "" }, { "name": [ "Angela Merkel" ], "extensions": ".angelamerkel", "extensionPattern": "", "ransomNoteFilenames": "", "comment": "", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://twitter.com/malwrhunterteam/status/798268218364358656" ], "screenshots": "" }, { "name": [ "AngleWare" ], "extensions": ".AngleWare", "extensionPattern": "", "ransomNoteFilenames": "READ_ME.txt", "comment": "", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://twitter.com/BleepinComputer/status/844531418474708993" ], "screenshots": "" }, { "name": [ "Angry Duck" ], "extensions": ".adk", "extensionPattern": "", "ransomNoteFilenames": "", "comment": "Demands 10 BTC", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://twitter.com/demonslay335/status/790334746488365057" ], "screenshots": "" }, { "name": [ "Anony", "Based on HiddenTear\nngocanh" ], "extensions": "", "extensionPattern": "", "ransomNoteFilenames": "", "comment": "", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://twitter.com/struppigel/status/842047409446387714" ], "screenshots": "" }, { "name": [ "Anubis" ], "extensions": ".coded", "extensionPattern": "", "ransomNoteFilenames": "Decryption Instructions.txt", "comment": "EDA2", "encryptionAlgorithm": "AES(256)", "decryptor": "", "resources": [ "http://nyxbone.com/malware/Anubis.html" ], "screenshots": "" }, { "name": [ "Apocalypse", "Fabiansomeware" ], "extensions": ".encrypted\n.SecureCrypted\n.FuckYourData\n.unavailable\n.bleepYourFiles\n.Where_my_files.txt", "extensionPattern": "[filename].ID-*8characters+countrycode[[email protected]].[random7characters]\n*filename*.ID-[A-F0-9]{8}+countrycode[[email protected]].[a-z0-9]{13}", "ransomNoteFilenames": "*.How_To_Decrypt.txt\n*.Contact_Here_To_Recover_Your_Files.txt\n*.Where_my_files.txt\n*.Read_Me.Txt\n*md5*.txt", "comment": "[email protected]\[email protected]\[email protected]\[email protected]\[email protected]", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://decrypter.emsisoft.com/apocalypse", "http://blog.emsisoft.com/2016/06/29/apocalypse-ransomware-which-targets-companies-through-insecure-rdp/" ], "screenshots": "" }, { "name": [ "ApocalypseVM" ], "extensions": ".encrypted\n.locked", "extensionPattern": "", "ransomNoteFilenames": "*.How_To_Get_Back.txt ", "comment": "Apocalypse ransomware version which uses VMprotect", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "http://decrypter.emsisoft.com/download/apocalypsevm" ], "screenshots": "", "microsoftDetectionName": "Win32/Cribit", "microsoftInfo": "https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Win32/Cribit", "sandbox": "https://www.hybrid-analysis.com/sample/7d66e29649a09bf3edb61618a61fd7f9fb74013b739dfc4921eefece6c8439bb?environmentId=4", "iocs": "https://otx.alienvault.com/pulse/57166d65c1492d015c14bcc4/", "snort": "" }, { "name": [ "ASN1" ], "extensions": "", "extensionPattern": "", "ransomNoteFilenames": "!!!!!readme!!!!!.htm", "comment": "", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://malwarebreakdown.com/2017/03/02/rig-ek-at-92-53-105-43-drops-asn1-ransomware/" ], "screenshots": "" }, { "name": [ "AutoLocky" ], "extensions": ".locky", "extensionPattern": "", "ransomNoteFilenames": "info.txt\ninfo.html", "comment": "", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://decrypter.emsisoft.com/autolocky" ], "screenshots": "", "microsoftDetectionName": "", "microsoftInfo": "", "sandbox": "", "iocs": "", "snort": "" }, { "name": [ "Aw3s0m3Sc0t7" ], "extensions": ".enc", "extensionPattern": "", "ransomNoteFilenames": "", "comment": "", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://twitter.com/struppigel/status/828902907668000770" ], "screenshots": "" }, { "name": [ "BadBlock" ], "extensions": "", "extensionPattern": "", "ransomNoteFilenames": "Help Decrypt.html", "comment": "", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://decrypter.emsisoft.com/badblock", "http://www.nyxbone.com/malware/BadBlock.html" ], "screenshots": "", "microsoftDetectionName": "", "microsoftInfo": "", "sandbox": "", "iocs": "https://otx.alienvault.com/pulse/56eac97aaef9214b1550b37e/", "snort": "" }, { "name": [ "BadEncript" ], "extensions": ".bript", "extensionPattern": "", "ransomNoteFilenames": "More.html", "comment": "", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://twitter.com/demonslay335/status/813064189719805952" ], "screenshots": "" }, { "name": [ "BaksoCrypt" ], "extensions": ".adr", "extensionPattern": "", "ransomNoteFilenames": "", "comment": "Based on my-Little-Ransomware", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://twitter.com/JakubKroustek/status/760482299007922176" ], "screenshots": "https://0xc1r3ng.wordpress.com/2016/06/24/bakso-crypt-simple-ransomware/" }, { "name": [ "Bandarchor", "Rakhni" ], "extensions": "[email protected]", "extensionPattern": ".id-[ID]_[EMAIL_ADDRESS]", "ransomNoteFilenames": "HOW TO DECRYPT.txt", "comment": "Files might be partially encrypted", "encryptionAlgorithm": "AES(256)", "decryptor": "", "resources": [ "https://reaqta.com/2016/03/bandarchor-ransomware-still-active/" ], "screenshots": "https://www.bleepingcomputer.com/news/security/new-bandarchor-ransomware-variant-spreads-via-malvertising-on-adult-sites/" }, { "name": [ "BarRax" ], "extensions": ".BarRax", "extensionPattern": "", "ransomNoteFilenames": "", "comment": "Based on HiddenTear", "encryptionAlgorithm": "", "decryptor": "", "resources": [ "https://twitter.com/demonslay335/status/835668540367777792" ], "screenshots": ""

[ { "name": "marketo", "captcha": false, "parser": false, "javascript_render": false, "meta": "marketplace - not a ransomware group, previous clearnet marketo.cloud", "locations": [ { "fqdn": "marketojbwagqnwx.onion", "title": null, "version": 2, "slug": "http://marketojbwagqnwx.onion", "available": false, "updated": "2021-09-08 00:01:21.604365", "lastscrape": "2021-05-01 00:00:00.000000", "enabled": false }, { "fqdn": "g5sbltooh2okkcb2.onion", "title": null, "version": 2, "slug": "http://g5sbltooh2okkcb2.onion", "available": false, "updated": null, "lastscrape": "2021-05-01 00:00:00.000000", "enabled": false }, { "fqdn": "fvki3hj7uxuirxpeop6chgqoczanmebutznt2mkzy6waov6w456vjuid.onion", "title": "404 Not Found", "version": 3, "slug": "http://fvki3hj7uxuirxpeop6chgqoczanmebutznt2mkzy6waov6w456vjuid.onion", "available": false, "updated": "2021-10-04 08:05:02.379137", "lastscrape": "2021-10-04 08:05:02.379121", "enabled": false }, { "fqdn": "jvdamsif53dqjycuozlaye2s47p7xij4x6hzwzwhzrqmv36gkyzohhqd.onion", "title": "502 Bad Gateway", "version": 3, "slug": "http://jvdamsif53dqjycuozlaye2s47p7xij4x6hzwzwhzrqmv36gkyzohhqd.onion", "available": false, "updated": "2022-03-14 05:12:43.980524", "lastscrape": "2022-03-14 05:12:43.980505", "enabled": false } ], "profile": [ "https://www.digitalshadows.com/blog-and-research/marketo-a-return-to-simple-extortion", "https://securityaffairs.co/wordpress/121617/cyber-crime/puma-available-marketo.html", "https://t.me/marketo_leaks", "https://t.me/marketocloud" ] }, { "name": "synack", "captcha": false, "parser": true, "javascript_render": false, "meta": "no longer in operation - rebrand", "locations": [ { "fqdn": "xqkz2rmrqkeqf6sjbrb47jfwnqxcd4o2zvaxxzrpbh2piknms37rw2ad.onion", "title": "end of game", "version": 3, "slug": "http://xqkz2rmrqkeqf6sjbrb47jfwnqxcd4o2zvaxxzrpbh2piknms37rw2ad.onion/", "available": false, "updated": "2021-09-08 00:03:21.496917", "lastscrape": "2021-08-18 00:02:29.699387", "enabled": false } ], "profile": [ "https://www.zdnet.com/article/synack-ransomware-group-releases-decryption-keys-as-they-rebrand-to-el-cometa" ] }, { "name": "suncrypt", "captcha": false, "parser": true, "javascript_render": false, "meta": null, "locations": [ { "fqdn": "x2miyuiwpib2imjr5ykyjngdu7v6vprkkhjltrk4qafymtawey4qzwid.onion", "title": "News", "version": 3, "slug": "http://x2miyuiwpib2imjr5ykyjngdu7v6vprkkhjltrk4qafymtawey4qzwid.onion/", "available": false, "updated": "2022-12-11 02:30:58.172815", "lastscrape": "2022-12-11 02:30:58.172802", "enabled": false }, { "fqdn": "nbzzb6sa6xuura2z.onion", "title": null, "version": 2, "slug": "http://nbzzb6sa6xuura2z.onion", "available": false, "updated": "2021-09-08 00:03:26.377871", "lastscrape": "2021-05-01 00:00:00.000000", "enabled": false } ], "profile": [ "https://www.tetradefense.com/incident-response-services/cause-and-effect-suncrypt-ransomware-analysis", "https://www.intezer.com/blog/malware-analysis/when-viruses-mutate-did-suncrypt-ransomware-evolve-from-qnapcrypt", "https://medium.com/s2wblog/case-analysis-of-suncrypt-ransomware-negotiation-and-bitcoin-transaction-43a2194ac0bc" ] }, { "name": "lv", "captcha": false, "parser": true, "javascript_render": false, "meta": null, "locations": [ { "fqdn": "rbvuetuneohce3ouxjlbxtimyyxokb4btncxjbo44fbgxqy7tskinwad.onion", "title": null, "version": 3, "slug": "http://rbvuetuneohce3ouxjlbxtimyyxokb4btncxjbo44fbgxqy7tskinwad.onion/api/posts/1", "available": false, "updated": "2022-12-10 18:10:34.549092", "lastscrape": "2022-12-10 18:10:34.549077", "enabled": false }, { "fqdn": "4qbxi3i2oqmyzxsjg4fwe4aly3xkped52gq5orp6efpkeskvchqe27id.onion", "title": "Start-maximized.com", "version": 3, "slug": "http://4qbxi3i2oqmyzxsjg4fwe4aly3xkped52gq5orp6efpkeskvchqe27id.onion/", "available": false, "updated": "2021-12-02 13:09:34.120089", "lastscrape": "2021-12-02 13:09:34.120074", "enabled": false } ], "profile": [ "https://www.secureworks.com/research/lv-ransomware", "https://securityaffairs.co/wordpress/119306/malware/lv-ransomware-repurposed-revil-binary.html" ] }, { "name": "lorenz", "captcha": false, "parser": true, "javascript_render": false, "meta": "rfi location woe2suafeg6ehxivgvvn4nh6ectbdhdqgc4vzph27mmyn7rjf2c52jid.onion/index.php", "locations": [ { "fqdn": "lorenzmlwpzgxq736jzseuterytjueszsvznuibanxomlpkyxk6ksoyd.onion", "title": "Lorenz", "version": 3, "slug": "http://lorenzmlwpzgxq736jzseuterytjueszsvznuibanxomlpkyxk6ksoyd.onion/", "available": false, "updated": "2024-08-14 20:02:51.696858", "lastscrape": "2024-08-14 20:02:51.696844", "enabled": true } ], "profile": [ "https://www.zdnet.com/article/lorenz-ransomware-attack-victims-can-now-retrieve-their-files-for-free-with-this-decryption-tool", "https://www.cybertalk.org/the-worst-outcomes-lorenz-ransomware-a-new-double-extortion-strategy" ] }, { "name": "lockbit2", "captcha": false, "parser": true, "javascript_render": true, "meta": "previous clearnet fqdn lockbitapt.uz", "locations": [ { "fqdn": "zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion", "title": "LOCKFILE", "version": 3, "slug": "http://zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion", "available": false, "updated": "2021-11-21 19:05:47.855300", "lastscrape": "2021-11-21 19:05:47.855283", "enabled": false }, { "fqdn": "yq43odyrmzqvyezdindg2tokgogf3pn6bcdtvgczpz5a74tdxjbtk2yd.onion", "title": "LockBit BLOG", "version": 3, "slug": "http://yq43odyrmzqvyezdindg2tokgogf3pn6bcdtvgczpz5a74tdxjbtk2yd.onion", "available": false, "updated": "2022-06-17 16:10:31.959577", "lastscrape": "2022-06-17 16:10:31.959558", "enabled": false }, { "fqdn": "oyarbnujct53bizjguvolxou3rmuda2vr72osyexngbdkhqebwrzsnad.onion", "title": "LockBit BLOG", "version": 3, "slug": "http://oyarbnujct53bizjguvolxou3rmuda2vr72osyexngbdkhqebwrzsnad.onion", "available": false, "updated": "2022-06-17 16:10:49.901832", "lastscrape": "2022-06-17 16:10:49.901813", "enabled": false }, { "fqdn": "lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion", "title": "LockBit BLOG", "version": 3, "slug": "http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion", "available": false, "updated": "2022-06-17 16:11:05.604998", "lastscrape": "2022-06-17 16:11:05.604979", "enabled": false }, { "fqdn": "lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion", "title": "LockBit BLOG", "version": 3, "slug": "http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion", "available": false, "updated": "2022-06-17 16:11:23.690568", "lastscrape": "2022-06-17 16:11:23.690546", "enabled": false } ], "profile": [ "https://threatpost.com/lockbit-ransomware-proliferates-globally/168746", "https://www.trendmicro.com/en_us/research/21/h/lockbit-resurfaces-with-version-2-0-ransomware-detections-in-chi.html", "https://www.cyber.gov.au/acsc/view-all-content/advisories/2021-006-acsc-ransomware-profile-lockbit-20" ] }, { "name": "hiveleak", "captcha": false, "parser": true, "javascript_render": false, "meta": "aka hive", "locations": [ { "fqdn": "hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion", "title": "This domain has been seized", "version": 3, "slug": "http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/", "available": false, "updated": "2023-05-26 14:05:14.664411", "lastscrape": "2023-05-26 14:05:14.664396", "enabled": false }, { "fqdn": "hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion", "title": "This domain has been seized", "version": 3, "slug": "http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion", "available": false, "updated": "2023-05-26 14:05:18.000822", "lastscrape": "2023-05-26 14:05:18.000805", "enabled": false }, { "fqdn": "hiveapi4nyabjdfz2hxdsr7otrcv6zq6m4rk5i2w7j64lrtny4b7vjad.onion", "title": "This domain has been seized", "version": 3, "slug": "http://hiveapi4nyabjdfz2hxdsr7otrcv6zq6m4rk5i2w7j64lrtny4b7vjad.onion/v1/companies/disclosed", "available": false, "updated": "2023-05-26 14:05:21.959096", "lastscrape": "2023-05-26 14:05:21.959080", "enabled": false } ], "profile": [ "https://inf.news/en/tech/c28d9382ab78a5ac3d8fc802f3f0f1e0.html", "https://www.healthcareitnews.com/news/fbi-issues-alert-about-hive-ransomware", "https://blogs.blackberry.com/en/2021/07/threat-thursday-hive-ransomware" ] }, { "name": "arvinclub", "captcha": false, "parser": true, "javascript_render": false, "meta": null, "locations": [ { "fqdn": "3kp6j22pz3zkv76yutctosa6djpj4yib2icvdqxucdaxxedumhqicpad.onion", "title": "Arvin Club – آزادی برای اتصال", "version": 3, "slug": "http://3kp6j22pz3zkv76yutctosa6djpj4yib2icvdqxucdaxxedumhqicpad.onion/", "available": false, "updated": "2022-08-01 20:10:19.375136", "lastscrape": "2022-08-01 20:10:19.375118", "enabled": false }, { "fqdn": "arvinc7prj6ln5wpd6yydfqulsyepoc7aowngpznbn3lrap2aib6teid.onion", "title": "Arvin | Blog", "version": 3, "slug": "http://arvinc7prj6ln5wpd6yydfqulsyepoc7aowngpznbn3lrap2aib6teid.onion/", "available": false, "updated": "2023-11-06 02:15:07.495884", "lastscrape": "2023-11-06 02:15:07.495870", "enabled": false } ], "profile": [ "http://t.me/arvin_club", "https://sosintel.co.uk/a-special-investigation-exposing-a-ransomware-groups-clear-web-ip-and-their-duplicate-identities/", "D6164C90642CD93D9D3F353511B4BDBD1428309C90CDE13D3D7088AA5BE3010A52E485834E84" ] }, { "name": "avoslocker", "captcha": true, "parser": false, "javascript_render": false, "meta": "captcha prevents indexing", "locations": [ { "fqdn": "avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion", "title": "AvosLocker Access Queue", "version": 3, "slug": "http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion/", "available": false, "updated": "2023-07-08 00:15:36.808844", "lastscrape": "2023-07-08 00:15:36.808827", "enabled": false }, { "fqdn": "avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion", "title": "AvosLocker", "version": 3, "slug": "http://avosjon4pfh3y7ew3jdwz6ofw7lljcxlbk7hcxxmnxlh5kvf2akcqjad.onion", "available": false, "updated": "2023-08-16 14:04:08.303751", "lastscrape": "2023-08-16 14:04:08.303729", "enabled": false } ], "profile": [ "https://blog.cyble.com/2021/07/23/deep-dive-analysis-avoslocker-ransomware", "https://blog.malwarebytes.com/threat-intelligence/2021/07/avoslocker-enters-the-ransomware-scene-asks-for-partners", "previous parser: c2VkIC1uIC1lICdzL14uKmFyaWEtaGlkZGVuPSJ0cnVlIj48XC9pPiAvL3AnIHNvdXJjZS9hdm9zbG9ja2VyLSouaHRtbCB8IGN1dCAtZCAiPCIgLWYx", "previous parser: ZWdyZXAgLW8gJ3RpdGxlPSIoW1s6YWxudW06XV18IHxcLikrIicgc291cmNlL2F2b3Nsb2NrZXItKi5odG1sIHwgY3V0IC1kICciJyAtZjI=" ] }, { "name": "grief", "captcha": true, "parser": false, "javascript_render": true, "meta": "captcha prevents indexing", "locations": [ { "fqdn": "griefcameifmv4hfr3auozmovz5yi6m3h3dwbuqw7baomfxoxz4qteid.onion", "title": "Grief list", "version": 3, "slug": "http://griefcameifmv4hfr3auozmovz5yi6m3h3dwbuqw7baomfxoxz4qteid.onion/", "available": false, "updated": "2022-05-02 11:11:21.970097", "lastscrape": "2022-05-02 11:11:21.970076", "enabled": false } ], "profile": [ "https://heimdalsecurity.com/blog/doppelpaymer-gets-a-rebranding", "https://www.bleepingcomputer.com/news/security/nra-no-comment-on-russian-ransomware-gang-attack-claims/" ] }, { "name": "avaddon", "captcha": false, "parser": true, "javascript_render": false, "meta": null, "locations": [ { "fqdn": "avaddongun7rngel.onion", "title": null, "version": 2, "slug": "http://avaddongun7rngel.onion", "available": false, "updated": "2021-09-08 00:04:04.125800", "lastscrape": "2021-05-01 00:00:00.000000", "enabled": false