diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index aebea57e..50d4bde3 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -27479,7 +27479,8 @@
"links": [
"http://cuba4mp6ximo2zlo.onion",
"http://cuba4ikm4jakjgmkezytyawtdgr2xymvy6nvzgw5cglswg3si76icnqd.onion/",
- "http://i34gbmo5rxx3bxc4yl7f4erkyo2oldwavhpdragnjjvhni6fwvptp2id.onion"
+ "http://i34gbmo5rxx3bxc4yl7f4erkyo2oldwavhpdragnjjvhni6fwvptp2id.onion",
+ "https://kcfgfs7cclscxloy3bf2xtwnayimawtzrbfirfbvl47xt7n2brfiizyd.onion/"
],
"refs": [
"https://www.mcafee.com/enterprise/en-us/assets/reports/rp-cuba-ransomware.pdf",
@@ -27685,7 +27686,8 @@
"http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/",
"http://ransomoefralti2zh5nrv7iqybp3d5b4a2eeecz5yjosp7ggbepj7iyd.onion",
"http://2vqamwfdpis5rkjtpkutigykp56n6hkxfurm6qukdxp6uz5uff5kkaid.onion/",
- "http://bifpwatchoxp7tsb2kpes37b23ogjrb2kj4wgr7yncf4hhgsfahu7jad.onion/"
+ "http://bifpwatchoxp7tsb2kpes37b23ogjrb2kj4wgr7yncf4hhgsfahu7jad.onion/",
+ "http://aihvh6j6fbkfjyc6jqbsh2ed4s3rym2v2pu6kd3z3exdso2xc2qwcuqd.onion/"
],
"refs": [
"https://www.reuters.com/article/us-usa-products-colonial-pipeline-ransom/more-ransomware-websites-disappear-in-aftermath-of-colonial-pipeline-hack-idUSKCN2CX0KT",
@@ -27696,6 +27698,7 @@
"value": "Everest"
},
{
+ "description": "",
"meta": {
"links": [
"http://gcbejm2rcjftouqbxuhimj5oroouqcuxb2my4raxqa7efkz5bd5464id.onion/"
@@ -28108,7 +28111,8 @@
"http://v4httzsp6ri6xcw7lpmdduvhce5avtla3yocfru5suxpgcgo7rw7slyd.onion/",
"http://myosbja7hixkkjqihsjh6yvmqplz62gr3r4isctjjtu2vm5jg6hsv2ad.onion/chat",
"http://qkbbaxiuqqcqb5nox4np4qjcniy2q6m7yeluvj7n5i5dn7pgpcwxwfid.onion",
- "http://monti5o7lvyrpyk26lqofnfvajtyqruwatlfaazgm3zskt3xiktudwid.onion"
+ "http://monti5o7lvyrpyk26lqofnfvajtyqruwatlfaazgm3zskt3xiktudwid.onion",
+ "http://il6jcce6f5htppc3smu4olpt5pz3akdg5h7k7tb4n45jixxu2o2oxlid.onion/"
],
"refs": [
"https://www.ransomlook.io/group/monti"
@@ -28536,7 +28540,9 @@
"http://kinkwgtp4sfj3tovixjlvsklktjul7v5o55lkf6cgmlnugqlletzsxad.onion/",
"http://k2xhcuvhwh5cyua5vwa4xjeyvyfatzkrh5yn5kc5munvglzge4cod2ad.onion/",
"http://zv7u2tclxajbgae6ba4jkisnkfkts3lk7lxlypmuqktrk42qmo2c7hqd.onion/",
- "http://secxrosqawaefsio3biv2dmi2c5yunf3t7ilwf54czq3v4bi7w6mbfad.onion/"
+ "http://secxrosqawaefsio3biv2dmi2c5yunf3t7ilwf54czq3v4bi7w6mbfad.onion/",
+ "http://cqwdv5rxut5l3blbeg74ddfo6ya65xsxqan7vawffdng6ynd2kulfkqd.onion/",
+ "http://nlqnxzqixcwazwyib4bft2m6ikjrtihh4qgdtnmpmbi3meio5jj2xsad.onion/"
],
"refs": [
"https://www.ransomlook.io/group/ransomhouse"
@@ -29079,7 +29085,8 @@
"http://37izr5yow5d673agew22miyy3inbqncuv7gfp5372yciuzvadqef66yd.onion",
"http://d2wqt4kek62s35hjeankc75nis4zn4e5i6zdtmfkyeevr7fygpf2iiid.onion",
"http://sclj2rax5ljisew3v4msecylzo7iieqw25kcl7io4szei4qcujxixaid.onion",
- "http://xyy2fymbdytltylyuicasuvw7vw3gtgm3cvvjskh4jnzfg3gp7dqgnqd.onion"
+ "http://xyy2fymbdytltylyuicasuvw7vw3gtgm3cvvjskh4jnzfg3gp7dqgnqd.onion",
+ "http://heac3upmfv33scnkeek64dqdx2cblv7z256aezluyvgtwsxi2o3coiid.onion/"
],
"refs": [
"https://www.ransomlook.io/group/cloak"
@@ -29561,7 +29568,9 @@
"http://krsbhaxbki6jr4zvwblvkaqzjkircj7cxf46qt3na5o5sj2hpikbupqd.onion",
"http://krsbhaxbki6jr4zvwblvkaqzjkircj7cxf46qt3na5o5sj2hpikbupqd.onion/api",
"http://zp6la4xdki3irsenq3t7z7pu2nnaktqgob6aizlzjkdiyw6azjeuhzqd.onion",
- "http://3x55o3u2b7cjs54eifja5m3ottxntlubhjzt6k6htp5nrocjmsxxh7ad.onion/"
+ "http://3x55o3u2b7cjs54eifja5m3ottxntlubhjzt6k6htp5nrocjmsxxh7ad.onion/",
+ "http://znjkde7j35jed5qqz3sfiv56v6hyfkbluke5ypi2su5vhx2nruswjcad.onion/",
+ "http://aeey7hxzgl6zowiwhteo5xjbf6sb36tkbn5hptykgmbsjrbiygv4c4id.onion/"
],
"refs": [
"https://www.ransomlook.io/group/trigona"
@@ -30087,6 +30096,7 @@
"value": "cactus"
},
{
+ "description": "",
"meta": {
"links": [
"http://ciphbitqyg26jor7eeo6xieyq7reouctefrompp6ogvhqjba7uo4xdid.onion/",
@@ -30561,7 +30571,16 @@
"links": [
"http://cicadabv7vicyvgz5khl7v2x5yygcgow7ryy6yppwmxii4eoobdaztqd.onion/",
"http://cicadacnft7gcgnveb7wjm6pjpjcjcsugogmlrat7u7pcel3iwb7bhyd.onion/",
- "http://cicadaxousmk6nbntd3ucxefmfgt2drhtfdvh7gmdeh3ttvudam6f2ad.onion"
+ "http://cicadaxousmk6nbntd3ucxefmfgt2drhtfdvh7gmdeh3ttvudam6f2ad.onion",
+ "http://cicadafhqpjwm2sblkfbuwn7sglbibuejr3m7fildpqpjv3hghlhb4id.onion/",
+ "http://zf6bl4dczp5z7uaba2lhm5wrhrpflwvzsx2nhf7zyf63tpsfzc54tbad.onion/",
+ "http://hgannromwuui7n2jvphpteposc3gioqkuo2ncb6fzopasgcq7ixcjeqd.onion/",
+ "http://osd6tsgegts2xaqo3o2hrpqatwlslqfyc3msvyksad4iucauif3oqqad.onion/",
+ "http://uds75egfqi7mfpxckf2un742qsj6rh3kfrydqaldwgkrqp2a37lk6fyd.onion/",
+ "http://wuyfbttjjzsmr5ghl5hoi75ytse3bwrqgk63c6guv3lhw7hwtxbgveid.onion/",
+ "http://bmfyfxl74qb6rsukgwymv7e22ua4uvhszsamqwx7jmj57qkamxwlhbid.onion/",
+ "http://yaoehn32c2s5pwsuzhaa4lsu2a4seycpwyvn5gfz3bn4i74t2jo3frad.onion/",
+ "http://5atqn4dwosjauijzj445mm7t6bqrcvzlzcylpmpnx243jxvlimyb6aid.onion/"
],
"refs": [
"https://www.ransomlook.io/group/cicada3301"
@@ -30598,6 +30617,7 @@
"value": "cloak.su"
},
{
+ "description": "",
"meta": {
"links": [
"http://c2mdhim6btaiyae3xqthnxsz64brvdxsnbty4tvos65zb565y4v55iid.onion",
@@ -30768,7 +30788,21 @@
"http://lynxchatfw4rgsclp4567i4llkqjr2kltaumwwobxdik3qa2oorrknad.onion/",
"http://lynxba5y5juv3c4de2bftamjkbxvcuujr5c5wn4hq2fwmt66pxb7qqad.onion",
"http://lynxchat.net",
- "http://lynxcdnjg43re373nltauhdqfbau25mwawsg42h4lswfe455uaznilad.onion/"
+ "http://lynxcdnjg43re373nltauhdqfbau25mwawsg42h4lswfe455uaznilad.onion/",
+ "http://lynxad2seqpyu52lr5v7il4idasv23535a46s4bj65b3v7t5y6u5daqd.onion/login",
+ "http://lynx2m7xz73zpmlm5nddbokk6a55fh2nzjq2r5nk2hbdbk74iddqfiqd.onion/login",
+ "http://lynxcwuhva6qzlnj3m3qrcl6bgvnxpixg5vsikf53vutdf3ijuv2pxyd.onion/login",
+ "http://lynxcyys7c2np3b3er2wo6sufwoonmh6i3nykv53pst336c3ml4ycjqd.onion/login",
+ "http://lynxdehvlvrrtnhtpuy6bhrxffzvl5j7y7p3zl553slzq44lcb2jzkyd.onion/login",
+ "http://lynxikczcyposxfz5a7hxbqxilsrtx7zdzwmhk5wcb5qoatbv2suizid.onion/login",
+ "http://lynxroggpujfxy7xnlrz3yknphqgk4k5dy4rhaldgz2hpxyyy3ncuvad.onion/login",
+ "http://lynxoifh5boac42m6xdoak6ne7q53sz7kgaaze7ush72uuetbnjg2oqd.onion/login",
+ "http://lynx25vsi4cxesh44chevu2qyguqcx4zrjsjd77cjrmbgn75xkv626yd.onion/login",
+ "http://lynxaeddweqscykez5rknrug6ui5znq4yoxof5qnusiatiyuqqlwhead.onion/login",
+ "http://lynxbk3nzrnph5z5tilsn3twfcgltqynaofuxgb5yt43vdu266z3vvyd.onion/login",
+ "http://lynxhwtifuwxs2zejofpagvzxf7p2l3nhdi3zlrap3y2wsn5hqyfeuid.onion/login",
+ "http://lynxjamasdeyeeiusfgfipfivewc3l3u34hyiiguhdyj776mh535l4ad.onion/login",
+ "http://lynxk7rmhe7luff3ed7chlziwrju34pzc5hm452xhryeaeulc3wxc3ad.onion/login"
],
"refs": [
"https://www.ransomlook.io/group/lynx"
@@ -30803,6 +30837,7 @@
"value": "radar"
},
{
+ "description": "",
"meta": {
"links": [
"http://onyxcgfg4pjevvp5h34zvhaj45kbft3dg5r33j5vu3nyp7xic3vrzvad.onion/",
@@ -30952,7 +30987,9 @@
"http://5ka4wjkv3qulsn6gtfzyhumafgupipu6rkfezf2tw2doveamaqqmxvyd.onion/",
"http://ibrdo3v56w6veyp6moi7iaadtk6o4qa6eyppc3svinph4vx5qrllpzid.onion/",
"http://rsrcywwt7b53kw2lsioilnfrrs2lixt4nttzpcli74fjvfk4kqbfh5qd.onion/",
- "http://pcgkekcyyzl465rqt4mpezjkjdkoxgb7c4j6nbb6rn4gnw7zme24lrad.onion/"
+ "http://pcgkekcyyzl465rqt4mpezjkjdkoxgb7c4j6nbb6rn4gnw7zme24lrad.onion/",
+ "http://g7vfmyo2xvt4uwoypgb675rcgxokwdxqevmx5ie5qojqnkuvnuudemqd.onion/",
+ "http://zaie6jcetdtqhi5epab45wzginog4kuo4sx4nwr4ydkdby76b5ri3xqd.onion/"
],
"refs": [
"https://www.ransomlook.io/group/sarcoma"
@@ -31112,7 +31149,8 @@
"http://nj5qix45sxnl4h4og6hcgwengg2oqloj3c2rhc6dpwiofx3jbivcs6qd.onion",
"http://nz4z6ruzcekriti5cjjiiylzvrmysyqwibxztk6voem4trtx7gstpjid.onion",
"http://qkzxzeabulbbaevqkoy2ew4nukakbi4etnnkcyo3avhwu7ih7cql4gyd.onion/",
- "http://iieavvi4wtiuijas3zw4w54a5n2srnccm2fcb3jcrvbb7ap5tfphw6ad.onion/"
+ "http://iieavvi4wtiuijas3zw4w54a5n2srnccm2fcb3jcrvbb7ap5tfphw6ad.onion/",
+ "http://fcde4o7iquaspdbo5yetwqn3rfueet2zfy3wjosrc5dznyccwbiz6oyd.onion/"
],
"refs": [
"https://www.ransomlook.io/group/safepay"
@@ -31313,7 +31351,8 @@
"http://funknqn44slwmgwgnewne6bintbooauwkaupik4yrlgtycew3ergraid.onion/",
"http://funkxxkovrk7ctnggbjnthdajav4ggex53k6m2x3esjwlxrkb3qiztid.onion/",
"http://funkiydk7c6j3vvck5zk2giml2u746fa5irwalw2kjem6tvofji7rwid.onion/",
- "http://funk4ph7igelwpgadmus4n4moyhh22cib723hllneen7g2qkklml4sqd.onion/"
+ "http://funk4ph7igelwpgadmus4n4moyhh22cib723hllneen7g2qkklml4sqd.onion/",
+ "http://funkyiazgfsrxrib6rnxbhkgfqi7isisfbqnwk2ycf7tpgfhtevlamad.onion/"
],
"refs": [
"https://www.ransomlook.io/group/funksec"
@@ -31431,7 +31470,93 @@
},
"uuid": "ab4dfcc2-a29b-5bbc-b663-98333924423e",
"value": "deadbydawn"
+ },
+ {
+ "meta": {
+ "links": [],
+ "refs": [
+ "https://www.ransomlook.io/group/a1project"
+ ]
+ },
+ "uuid": "3a11f2e3-5af6-5842-b730-b013ded36c6a",
+ "value": "a1project"
+ },
+ {
+ "description": "On January 26th, Babuk's dedicated leak site (DLS) was \"relaunched\". Bjorka (Telegram: @bjorkanesiaaaa) is the current administrator. Upon launch, the DLS was populated mainly by victims previously claimed by other groups such as RansomHub, Lockbit3, and Funksec. At this current time there is no apparent connection to the original Babuk operation besides reusing the Babuk site template and logos. The groups is also known as Babuk2 by other trackers.\r
\r
It is important to note that the original Babuk DLS was hosted and available up until February 26th, 2024. ",
+ "meta": {
+ "links": [
+ "http://7dikawx73goypgfi4zyo5fcajxwb7agemmiwqax3p54aey4dwobcvcyd.onion",
+ "http://gtmx56k4hutn3ikv.onion/",
+ "http://xeuvs5poflczn5i5kbynb5rupmidb5zjuza6gaq22uqsdp3jvkjkciqd.onion/",
+ "http://fpwwt67hm3mkt6hdavkfyqi42oo3vkaggvjj4kxdr2ivsbzyka5yr2qd.onion/",
+ "http://57mphyfkxoj5lph2unswd23akewz3jtj7mb6wignwmyto32ghp2visid.onion/"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/babuk-bjorka"
+ ]
+ },
+ "uuid": "468fb9b7-7c22-5db7-aa14-10f71b122f94",
+ "value": "babuk-bjorka"
+ },
+ {
+ "meta": {
+ "links": [
+ "https://darkrypt.io"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/darkrypt"
+ ]
+ },
+ "uuid": "ae046ad6-ee14-5ef2-8022-bb2354f5ec5e",
+ "value": "darkrypt"
+ },
+ {
+ "description": "\r
\r
Our team members are from different countries and we are not interested in anything else, we are only interested in dollars.\r
\r
We do not allow CIS, Cuba, North Korea and China to be targeted.\r
\r
Re-attacks are not allowed for target companies that have already made payments.\r
\r
We do not allow non-profit hospitals and some non-profit organizations be targeted.\r
",
+ "meta": {
+ "links": [
+ "http://igziys7pres4644kbrtakxfbrwkyld64nxk5prpkgtcexwrrjgtfjzyd.onion"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/gd lockersec"
+ ]
+ },
+ "uuid": "35897947-d886-5e0a-abc8-f05ae92c8692",
+ "value": "gd lockersec"
+ },
+ {
+ "meta": {
+ "links": [
+ "http://chat5sqrnzqewampznybomgn4hf2m53tybkarxk4sfaktwt7oqpkcvyd.onion/"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/sugar"
+ ]
+ },
+ "uuid": "c70e7236-f886-5398-99aa-fc326ced789c",
+ "value": "sugar"
+ },
+ {
+ "meta": {
+ "links": [
+ "http://hxxp://33333333h45xwqlf3s3eu4bkd6y6bjswva75ys7j6satex5ctf4pyfad.onion"
+ ],
+ "refs": [
+ "https://www.ransomlook.io/group/d0glun"
+ ]
+ },
+ "uuid": "5d4498ab-38a6-5096-8a44-ba33eb4b786e",
+ "value": "d0glun"
+ },
+ {
+ "meta": {
+ "links": [],
+ "refs": [
+ "https://www.ransomlook.io/group/ymir"
+ ]
+ },
+ "uuid": "e3c6eaba-854a-58a1-8d7c-da508fbf1402",
+ "value": "ymir"
}
],
- "version": 142
+ "version": 143
}