🔐Helldown Ransomware Group has launched on the surface web!
helldown.org
NEW ONION: onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion
Running on: nginx/1.18.0 (Ubuntu)
FILE SERVER: onyxcb44xvqra35m3lp3z26kf2pxrlbn64nbzvyvzjyc3uykzrwcjdid.onion
Running on: nginx/1.18.0 (Ubuntu)
OLD: onyxcgfg4pjevvp5h34zvhaj45kbft3dg5r33j5vu3nyp7xic3vrzvad.onion
HELLDOWN INTEL
==============
📌31 Victims so far
🎯Targeted: Windows
🎯Most Targeted Countries: 🇺🇸, 🇩🇪, 🇫🇷
🎯Most Targeted Industries: Service, Healthcare, Construction, Manufacturing, Retail
💡Upon inspecting the note, the ransom note appears to be copied from 8Base, with minor spelling mistakes such as "cantact" and "setle" that look like deliberate typos.
💡Parts of the ransom note also appear in the notes used by the Dark Angels and White Rabbit ransomware groups.
💡The group claims to have compromised its victims using 0-days💣
IOCs
====
5e7f5bb24a7cdaabcf3d2e77ed31fa4e
b81df159e7e338a3159f27ef3358094f
140aad1f823157222af3da2d23de8789
helldown.org
onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion
onyxcb44xvqra35m3lp3z26kf2pxrlbn64nbzvyvzjyc3uykzrwcjdid.onion
onyxcgfg4pjevvp5h34zvhaj45kbft3dg5r33j5vu3nyp7xic3vrzvad.onion
162.255.119.18
63.250.36.235
51.11.168.232
199.232.210.172
20.190.159.68
192.229.221.95
20.223.35.26
52.168.112.66
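As an added example (my code, not part of the original post), the indicators listed above loaded into a small matcher that sorts them by type (32-hex-character file hash, onion service, IPv4 address, domain) and scans a few constructed log lines for exact hits. The per-type confidence labels are my assumption, not the author's: hashes and the group's own onion services are specific to Helldown, while bare IP addresses harvested from a sandbox run often belong to shared cloud or CDN infrastructure and are best treated as leads to verify rather than blocking rules.

```python
import re
from typing import Dict, List, Set

# Indicators copied verbatim from the post's IOCs section.
IOC_BLOCK = """
5e7f5bb24a7cdaabcf3d2e77ed31fa4e
b81df159e7e338a3159f27ef3358094f
140aad1f823157222af3da2d23de8789
helldown.org
onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion
onyxcb44xvqra35m3lp3z26kf2pxrlbn64nbzvyvzjyc3uykzrwcjdid.onion
onyxcgfg4pjevvp5h34zvhaj45kbft3dg5r33j5vu3nyp7xic3vrzvad.onion
162.255.119.18
63.250.36.235
51.11.168.232
199.232.210.172
20.190.159.68
192.229.221.95
20.223.35.26
52.168.112.66
"""

# Type detection; order matters so a hash never falls through to "domain".
HEX32 = re.compile(r"^[0-9a-f]{32}$")                     # MD5-length file hash
ONION = re.compile(r"^[a-z2-7]{16,56}\.onion$")           # v2 (16) or v3 (56) onion
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
DOMAIN = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}$")

# Assumed confidence per indicator type (my labelling, not the post's).
CONFIDENCE = {"hash": "high", "onion": "high", "domain": "medium", "ipv4": "low"}


def classify(ioc: str) -> str:
    """Return the indicator type for one IoC string."""
    ioc = ioc.strip().lower()
    if HEX32.match(ioc):
        return "hash"
    if ONION.match(ioc):
        return "onion"
    if IPV4.match(ioc):
        return "ipv4"
    if DOMAIN.match(ioc):
        return "domain"
    return "unknown"


def parse_iocs(block: str) -> Dict[str, Set[str]]:
    """Group a newline-separated IoC block into sets keyed by type."""
    iocs: Dict[str, Set[str]] = {k: set() for k in ("hash", "onion", "ipv4", "domain", "unknown")}
    for line in block.splitlines():
        line = line.strip().lower()
        if line and not line.startswith("#"):
            iocs[classify(line)].add(line)
    return iocs


# Tokens are runs of hostname/hash/IP characters; ':' '/' '=' '\' act as separators,
# so "url=http://host.onion/" and "dst=1.2.3.4:443" still yield clean tokens.
TOKEN = re.compile(r"[A-Za-z0-9.\-]+")


def scan_log(lines: List[str], iocs: Dict[str, Set[str]]) -> List[dict]:
    """Exact-match every token of every line against the known indicators."""
    lookup = {ioc: kind for kind, members in iocs.items() if kind != "unknown" for ioc in members}
    hits = []
    for lineno, line in enumerate(lines, 1):
        for tok in TOKEN.findall(line):
            tok = tok.lower().strip(".")  # drop a sentence-ending dot after a hostname
            kind = lookup.get(tok)
            if kind:
                hits.append({"line": lineno, "ioc": tok, "kind": kind, "confidence": CONFIDENCE[kind]})
    return hits


# Constructed sample log lines (not real telemetry); 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = [
    "2024-08-12T10:01:03Z host=WS01 event=dns query=helldown.org answer=203.0.113.5",
    "2024-08-12T10:01:09Z host=WS01 event=file_create path=C:\\Users\\a\\x.exe md5=b81df159e7e338a3159f27ef3358094f",
    "2024-08-12T10:02:44Z host=WS02 event=net_conn dst=51.11.168.232:443 proto=tcp",
    "2024-08-12T10:03:00Z host=WS03 event=dns query=example.com answer=203.0.113.9",
    "2024-08-12T10:03:30Z host=WS03 event=proxy url=http://onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion/",
]

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG, parse_iocs(IOC_BLOCK)):
        print(f"line {h['line']}: {h['kind']:6} {h['confidence']:6} {h['ioc']}")
```

Run against real logs by replacing SAMPLE_LOG with lines read from a file; the low-confidence IPv4 hits are the ones to enrich (WHOIS, passive DNS, your own proxy baseline) before acting on them.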
Follow me for more on Twitter: @RakeshKrish12
#infosec #helldown #ransomware #malware #security #OSINT #darkweb #deepweb #threatintel #threatintelligence #hack #cybersecurity #cybersec #informationsecurity #privacy #dataleak #databreach #corporate #DFIR