chg: [ransomware] updated and sync with ransomlook.io
adulau committed Jan 31, 2025
1 parent 6b62d76 commit a1c8cb6
Showing 1 changed file with 137 additions and 12 deletions.
149 changes: 137 additions & 12 deletions clusters/ransomware.json
@@ -27479,7 +27479,8 @@
"links": [
"http://cuba4mp6ximo2zlo.onion",
"http://cuba4ikm4jakjgmkezytyawtdgr2xymvy6nvzgw5cglswg3si76icnqd.onion/",
"http://i34gbmo5rxx3bxc4yl7f4erkyo2oldwavhpdragnjjvhni6fwvptp2id.onion"
"http://i34gbmo5rxx3bxc4yl7f4erkyo2oldwavhpdragnjjvhni6fwvptp2id.onion",
"https://kcfgfs7cclscxloy3bf2xtwnayimawtzrbfirfbvl47xt7n2brfiizyd.onion/"
],
"refs": [
"https://www.mcafee.com/enterprise/en-us/assets/reports/rp-cuba-ransomware.pdf",
@@ -27685,7 +27686,8 @@
"http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/",
"http://ransomoefralti2zh5nrv7iqybp3d5b4a2eeecz5yjosp7ggbepj7iyd.onion",
"http://2vqamwfdpis5rkjtpkutigykp56n6hkxfurm6qukdxp6uz5uff5kkaid.onion/",
"http://bifpwatchoxp7tsb2kpes37b23ogjrb2kj4wgr7yncf4hhgsfahu7jad.onion/"
"http://bifpwatchoxp7tsb2kpes37b23ogjrb2kj4wgr7yncf4hhgsfahu7jad.onion/",
"http://aihvh6j6fbkfjyc6jqbsh2ed4s3rym2v2pu6kd3z3exdso2xc2qwcuqd.onion/"
],
"refs": [
"https://www.reuters.com/article/us-usa-products-colonial-pipeline-ransom/more-ransomware-websites-disappear-in-aftermath-of-colonial-pipeline-hack-idUSKCN2CX0KT",
@@ -27696,6 +27698,7 @@
"value": "Everest"
},
{
"description": "",
"meta": {
"links": [
"http://gcbejm2rcjftouqbxuhimj5oroouqcuxb2my4raxqa7efkz5bd5464id.onion/"
@@ -28108,7 +28111,8 @@
"http://v4httzsp6ri6xcw7lpmdduvhce5avtla3yocfru5suxpgcgo7rw7slyd.onion/",
"http://myosbja7hixkkjqihsjh6yvmqplz62gr3r4isctjjtu2vm5jg6hsv2ad.onion/chat",
"http://qkbbaxiuqqcqb5nox4np4qjcniy2q6m7yeluvj7n5i5dn7pgpcwxwfid.onion",
"http://monti5o7lvyrpyk26lqofnfvajtyqruwatlfaazgm3zskt3xiktudwid.onion"
"http://monti5o7lvyrpyk26lqofnfvajtyqruwatlfaazgm3zskt3xiktudwid.onion",
"http://il6jcce6f5htppc3smu4olpt5pz3akdg5h7k7tb4n45jixxu2o2oxlid.onion/"
],
"refs": [
"https://www.ransomlook.io/group/monti"
@@ -28536,7 +28540,9 @@
"http://kinkwgtp4sfj3tovixjlvsklktjul7v5o55lkf6cgmlnugqlletzsxad.onion/",
"http://k2xhcuvhwh5cyua5vwa4xjeyvyfatzkrh5yn5kc5munvglzge4cod2ad.onion/",
"http://zv7u2tclxajbgae6ba4jkisnkfkts3lk7lxlypmuqktrk42qmo2c7hqd.onion/",
"http://secxrosqawaefsio3biv2dmi2c5yunf3t7ilwf54czq3v4bi7w6mbfad.onion/"
"http://secxrosqawaefsio3biv2dmi2c5yunf3t7ilwf54czq3v4bi7w6mbfad.onion/",
"http://cqwdv5rxut5l3blbeg74ddfo6ya65xsxqan7vawffdng6ynd2kulfkqd.onion/",
"http://nlqnxzqixcwazwyib4bft2m6ikjrtihh4qgdtnmpmbi3meio5jj2xsad.onion/"
],
"refs": [
"https://www.ransomlook.io/group/ransomhouse"
@@ -29079,7 +29085,8 @@
"http://37izr5yow5d673agew22miyy3inbqncuv7gfp5372yciuzvadqef66yd.onion",
"http://d2wqt4kek62s35hjeankc75nis4zn4e5i6zdtmfkyeevr7fygpf2iiid.onion",
"http://sclj2rax5ljisew3v4msecylzo7iieqw25kcl7io4szei4qcujxixaid.onion",
"http://xyy2fymbdytltylyuicasuvw7vw3gtgm3cvvjskh4jnzfg3gp7dqgnqd.onion"
"http://xyy2fymbdytltylyuicasuvw7vw3gtgm3cvvjskh4jnzfg3gp7dqgnqd.onion",
"http://heac3upmfv33scnkeek64dqdx2cblv7z256aezluyvgtwsxi2o3coiid.onion/"
],
"refs": [
"https://www.ransomlook.io/group/cloak"
@@ -29561,7 +29568,9 @@
"http://krsbhaxbki6jr4zvwblvkaqzjkircj7cxf46qt3na5o5sj2hpikbupqd.onion",
"http://krsbhaxbki6jr4zvwblvkaqzjkircj7cxf46qt3na5o5sj2hpikbupqd.onion/api",
"http://zp6la4xdki3irsenq3t7z7pu2nnaktqgob6aizlzjkdiyw6azjeuhzqd.onion",
"http://3x55o3u2b7cjs54eifja5m3ottxntlubhjzt6k6htp5nrocjmsxxh7ad.onion/"
"http://3x55o3u2b7cjs54eifja5m3ottxntlubhjzt6k6htp5nrocjmsxxh7ad.onion/",
"http://znjkde7j35jed5qqz3sfiv56v6hyfkbluke5ypi2su5vhx2nruswjcad.onion/",
"http://aeey7hxzgl6zowiwhteo5xjbf6sb36tkbn5hptykgmbsjrbiygv4c4id.onion/"
],
"refs": [
"https://www.ransomlook.io/group/trigona"
@@ -30087,6 +30096,7 @@
"value": "cactus"
},
{
"description": "",
"meta": {
"links": [
"http://ciphbitqyg26jor7eeo6xieyq7reouctefrompp6ogvhqjba7uo4xdid.onion/",
@@ -30561,7 +30571,16 @@
"links": [
"http://cicadabv7vicyvgz5khl7v2x5yygcgow7ryy6yppwmxii4eoobdaztqd.onion/",
"http://cicadacnft7gcgnveb7wjm6pjpjcjcsugogmlrat7u7pcel3iwb7bhyd.onion/",
"http://cicadaxousmk6nbntd3ucxefmfgt2drhtfdvh7gmdeh3ttvudam6f2ad.onion"
"http://cicadaxousmk6nbntd3ucxefmfgt2drhtfdvh7gmdeh3ttvudam6f2ad.onion",
"http://cicadafhqpjwm2sblkfbuwn7sglbibuejr3m7fildpqpjv3hghlhb4id.onion/",
"http://zf6bl4dczp5z7uaba2lhm5wrhrpflwvzsx2nhf7zyf63tpsfzc54tbad.onion/",
"http://hgannromwuui7n2jvphpteposc3gioqkuo2ncb6fzopasgcq7ixcjeqd.onion/",
"http://osd6tsgegts2xaqo3o2hrpqatwlslqfyc3msvyksad4iucauif3oqqad.onion/",
"http://uds75egfqi7mfpxckf2un742qsj6rh3kfrydqaldwgkrqp2a37lk6fyd.onion/",
"http://wuyfbttjjzsmr5ghl5hoi75ytse3bwrqgk63c6guv3lhw7hwtxbgveid.onion/",
"http://bmfyfxl74qb6rsukgwymv7e22ua4uvhszsamqwx7jmj57qkamxwlhbid.onion/",
"http://yaoehn32c2s5pwsuzhaa4lsu2a4seycpwyvn5gfz3bn4i74t2jo3frad.onion/",
"http://5atqn4dwosjauijzj445mm7t6bqrcvzlzcylpmpnx243jxvlimyb6aid.onion/"
],
"refs": [
"https://www.ransomlook.io/group/cicada3301"
@@ -30598,6 +30617,7 @@
"value": "cloak.su"
},
{
"description": "",
"meta": {
"links": [
"http://c2mdhim6btaiyae3xqthnxsz64brvdxsnbty4tvos65zb565y4v55iid.onion",
@@ -30768,7 +30788,21 @@
"http://lynxchatfw4rgsclp4567i4llkqjr2kltaumwwobxdik3qa2oorrknad.onion/",
"http://lynxba5y5juv3c4de2bftamjkbxvcuujr5c5wn4hq2fwmt66pxb7qqad.onion",
"http://lynxchat.net",
"http://lynxcdnjg43re373nltauhdqfbau25mwawsg42h4lswfe455uaznilad.onion/"
"http://lynxcdnjg43re373nltauhdqfbau25mwawsg42h4lswfe455uaznilad.onion/",
"http://lynxad2seqpyu52lr5v7il4idasv23535a46s4bj65b3v7t5y6u5daqd.onion/login",
"http://lynx2m7xz73zpmlm5nddbokk6a55fh2nzjq2r5nk2hbdbk74iddqfiqd.onion/login",
"http://lynxcwuhva6qzlnj3m3qrcl6bgvnxpixg5vsikf53vutdf3ijuv2pxyd.onion/login",
"http://lynxcyys7c2np3b3er2wo6sufwoonmh6i3nykv53pst336c3ml4ycjqd.onion/login",
"http://lynxdehvlvrrtnhtpuy6bhrxffzvl5j7y7p3zl553slzq44lcb2jzkyd.onion/login",
"http://lynxikczcyposxfz5a7hxbqxilsrtx7zdzwmhk5wcb5qoatbv2suizid.onion/login",
"http://lynxroggpujfxy7xnlrz3yknphqgk4k5dy4rhaldgz2hpxyyy3ncuvad.onion/login",
"http://lynxoifh5boac42m6xdoak6ne7q53sz7kgaaze7ush72uuetbnjg2oqd.onion/login",
"http://lynx25vsi4cxesh44chevu2qyguqcx4zrjsjd77cjrmbgn75xkv626yd.onion/login",
"http://lynxaeddweqscykez5rknrug6ui5znq4yoxof5qnusiatiyuqqlwhead.onion/login",
"http://lynxbk3nzrnph5z5tilsn3twfcgltqynaofuxgb5yt43vdu266z3vvyd.onion/login",
"http://lynxhwtifuwxs2zejofpagvzxf7p2l3nhdi3zlrap3y2wsn5hqyfeuid.onion/login",
"http://lynxjamasdeyeeiusfgfipfivewc3l3u34hyiiguhdyj776mh535l4ad.onion/login",
"http://lynxk7rmhe7luff3ed7chlziwrju34pzc5hm452xhryeaeulc3wxc3ad.onion/login"
],
"refs": [
"https://www.ransomlook.io/group/lynx"
@@ -30803,6 +30837,7 @@
"value": "radar"
},
{
"description": "",
"meta": {
"links": [
"http://onyxcgfg4pjevvp5h34zvhaj45kbft3dg5r33j5vu3nyp7xic3vrzvad.onion/",
@@ -30952,7 +30987,9 @@
"http://5ka4wjkv3qulsn6gtfzyhumafgupipu6rkfezf2tw2doveamaqqmxvyd.onion/",
"http://ibrdo3v56w6veyp6moi7iaadtk6o4qa6eyppc3svinph4vx5qrllpzid.onion/",
"http://rsrcywwt7b53kw2lsioilnfrrs2lixt4nttzpcli74fjvfk4kqbfh5qd.onion/",
"http://pcgkekcyyzl465rqt4mpezjkjdkoxgb7c4j6nbb6rn4gnw7zme24lrad.onion/"
"http://pcgkekcyyzl465rqt4mpezjkjdkoxgb7c4j6nbb6rn4gnw7zme24lrad.onion/",
"http://g7vfmyo2xvt4uwoypgb675rcgxokwdxqevmx5ie5qojqnkuvnuudemqd.onion/",
"http://zaie6jcetdtqhi5epab45wzginog4kuo4sx4nwr4ydkdby76b5ri3xqd.onion/"
],
"refs": [
"https://www.ransomlook.io/group/sarcoma"
@@ -31112,7 +31149,8 @@
"http://nj5qix45sxnl4h4og6hcgwengg2oqloj3c2rhc6dpwiofx3jbivcs6qd.onion",
"http://nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion",
"http://qkzxzeabulbbaevqkoy2ew4nukakbi4etnnkcyo3avhwu7ih7cql4gyd.onion/",
"http://iieavvi4wtiuijas3zw4w54a5n2srnccm2fcb3jcrvbb7ap5tfphw6ad.onion/"
"http://iieavvi4wtiuijas3zw4w54a5n2srnccm2fcb3jcrvbb7ap5tfphw6ad.onion/",
"http://fcde4o7iquaspdbo5yetwqn3rfueet2zfy3wjosrc5dznyccwbiz6oyd.onion/"
],
"refs": [
"https://www.ransomlook.io/group/safepay"
@@ -31313,7 +31351,8 @@
"http://funknqn44slwmgwgnewne6bintbooauwkaupik4yrlgtycew3ergraid.onion/",
"http://funkxxkovrk7ctnggbjnthdajav4ggex53k6m2x3esjwlxrkb3qiztid.onion/",
"http://funkiydk7c6j3vvck5zk2giml2u746fa5irwalw2kjem6tvofji7rwid.onion/",
"http://funk4ph7igelwpgadmus4n4moyhh22cib723hllneen7g2qkklml4sqd.onion/"
"http://funk4ph7igelwpgadmus4n4moyhh22cib723hllneen7g2qkklml4sqd.onion/",
"http://funkyiazgfsrxrib6rnxbhkgfqi7isisfbqnwk2ycf7tpgfhtevlamad.onion/"
],
"refs": [
"https://www.ransomlook.io/group/funksec"
@@ -31431,7 +31470,93 @@
},
"uuid": "ab4dfcc2-a29b-5bbc-b663-98333924423e",
"value": "deadbydawn"
},
{
"meta": {
"links": [],
"refs": [
"https://www.ransomlook.io/group/a1project"
]
},
"uuid": "3a11f2e3-5af6-5842-b730-b013ded36c6a",
"value": "a1project"
},
{
"description": "On January 26th, Babuk's dedicated leak site (DLS) was \"relaunched\". Bjorka (Telegram: @bjorkanesiaaaa) is the current administrator. Upon launch, the DLS was populated mainly by victims previously claimed by other groups such as RansomHub, Lockbit3, and Funksec. At this current time there is no apparent connection to the original Babuk operation besides reusing the Babuk site template and logos. The groups is also known as Babuk2 by other trackers.\r<br/>\r<br/>It is important to note that the original Babuk DLS was hosted and available up until February 26th, 2024. ",
"meta": {
"links": [
"http://7dikawx73goypgfi4zyo5fcajxwb7agemmiwqax3p54aey4dwobcvcyd.onion",
"http://gtmx56k4hutn3ikv.onion/",
"http://xeuvs5poflczn5i5kbynb5rupmidb5zjuza6gaq22uqsdp3jvkjkciqd.onion/",
"http://fpwwt67hm3mkt6hdavkfyqi42oo3vkaggvjj4kxdr2ivsbzyka5yr2qd.onion/",
"http://57mphyfkxoj5lph2unswd23akewz3jtj7mb6wignwmyto32ghp2visid.onion/"
],
"refs": [
"https://www.ransomlook.io/group/babuk-bjorka"
]
},
"uuid": "468fb9b7-7c22-5db7-aa14-10f71b122f94",
"value": "babuk-bjorka"
},
{
"meta": {
"links": [
"https://darkrypt.io"
],
"refs": [
"https://www.ransomlook.io/group/darkrypt"
]
},
"uuid": "ae046ad6-ee14-5ef2-8022-bb2354f5ec5e",
"value": "darkrypt"
},
{
"description": "\r<br/>\r<br/>Our team members are from different countries and we are not interested in anything else, we are only interested in dollars.\r<br/>\r<br/>We do not allow CIS, Cuba, North Korea and China to be targeted.\r<br/>\r<br/>Re-attacks are not allowed for target companies that have already made payments.\r<br/>\r<br/>We do not allow non-profit hospitals and some non-profit organizations be targeted.\r<br/>",
"meta": {
"links": [
"http://igziys7pres4644kbrtakxfbrwkyld64nxk5prpkgtcexwrrjgtfjzyd.onion"
],
"refs": [
"https://www.ransomlook.io/group/gd lockersec"
]
},
"uuid": "35897947-d886-5e0a-abc8-f05ae92c8692",
"value": "gd lockersec"
},
{
"meta": {
"links": [
"http://chat5sqrnzqewampznybomgn4hf2m53tybkarxk4sfaktwt7oqpkcvyd.onion/"
],
"refs": [
"https://www.ransomlook.io/group/sugar"
]
},
"uuid": "c70e7236-f886-5398-99aa-fc326ced789c",
"value": "sugar"
},
{
"meta": {
"links": [
"http://hxxp://33333333h45xwqlf3s3eu4bkd6y6bjswva75ys7j6satex5ctf4pyfad.onion"
],
"refs": [
"https://www.ransomlook.io/group/d0glun"
]
},
"uuid": "5d4498ab-38a6-5096-8a44-ba33eb4b786e",
"value": "d0glun"
},
{
"meta": {
"links": [],
"refs": [
"https://www.ransomlook.io/group/ymir"
]
},
"uuid": "e3c6eaba-854a-58a1-8d7c-da508fbf1402",
"value": "ymir"
}
],
"version": 142
"version": 143
}
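Review bot: In the new `d0glun` entry of the last hunk, the only `links` value begins `http://hxxp://`, a defanged scheme with a second scheme prepended, so a URL parser reads the host as `hxxp` and any tooling that extracts the onion hostname for matching or enrichment will silently miss this indicator; the sync should strip the `hxxp://` residue so the value carries a single scheme like its neighbours. The `gd lockersec` ref `"https://www.ransomlook.io/group/gd lockersec"` contains a raw space and should be percent-encoded as `gd%20lockersec`. The `babuk-bjorka` and `gd lockersec` descriptions are imported with `\r<br/>` markup, and the latter appears to be the group's own statement copied verbatim, so the import should strip the markup and consumers that render this field should treat it as untrusted text. The placeholder `"description": ""` and `"links": []` values added in several hunks would be better omitted, as the `sugar` entry already does for its description.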
