
Real IPs behind K1LLSEC Ransomware!

🚨Found Real IPs behind K1LLSEC (Killsec) RANSOMWARE DARKWEB DATALEAK!

Recently, they claimed to have attacked Rupicard and to hold 600GB of financial data of Indian citizens!


INFRASTRUCTURE HUNT 🔍
====================
kill432ltnkqvaqntbalnsgojqqs2wz4lhnamrqjg66tq6fuvcztilyd.onion

 

1️⃣IP: 82.147.84.98 🇷🇺
Running on: nginx
ASN: AS57494
ASN Name: Adman LLC
Location: Russia
ASN Infections: Cobalt Strike, AsyncRAT, ERMAC, UNAM WebShell

 

2️⃣IP: 77.91.77.187 🇩🇪
Running on: nginx/1.18.0 (Ubuntu)
ASN: AS210644
ASN Name: Aeza International Ltd
Location: Germany
ASN Infections: StealC, Cobalt Strike, SocGholish

 

3️⃣IP: 93.123.39.65 🇧🇬
Running on: nginx/1.18.0 (Ubuntu)
ASN: AS215240
ASN Name: Adman LLC
Location: Bulgaria
ASN Infection: Mirai Bot

Add it to 🫵 IOC List!


KILLSEC Intel💡
==========
📌Victims: #32
📌Most Targeted Countries: 🇮🇳(8), 🇧🇪(6), 🇺🇸(5), 🇷🇴(3)
📌Sample files from the leaks are uploaded to GoFile, a file-sharing platform popularly used by ransomware groups and data extortionists
📌Some of the victims are listed for sale, hence leaks are not available.

 

If you are seeing my post on KILLSEC for the first time, I advise you to check out my previous posts on the same to get an overall understanding of the KillSec Ransomware Group!


https://www.linkedin.com/posts/rakesh-krishnan-6179a94b_keralapolice-delhipolice-ransomware-activity-7181207566276784129-k-T6/


https://www.linkedin.com/posts/rakesh-krishnan-6179a94b_infosec-security-ransomware-activity-7176812424140873728-ZvTo/

 

Follow me on Twitter: @RakeshKrish12

