Kappa
Status: Active
Ransomware group first observed in 2017. Uses FileZilla for deployment.
Total Victims: 0
First Seen: 2017-08-01
Last Seen: 2026-01-15
Known TTPs: 0
Avg Delay: 17.0d
Negotiations: 0
ONION URLS
3kngq2p77zlmoj4tu7bw2aay6h4j3my2glj5bgkzt3ib4ps37jrosdas.onion
TOOLS
FileZilla
Process Hacker
FILE EXTENSIONS
.doom
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |
No TTPs data
Kappa_rule_1
Malpedia
```yara
rule Kappa_ransomware_1 {
    meta:
        description = "Detects Kappa ransomware"
        author = "RansomwareMonitor"
        date = "2026-03-06"
        hash = "bdb3cb3baf63317beb6e26a8cb1172004e0040d4677e63359653d7efd57fede9"
    strings:
        // Patterns $h3, $h4 and $h7 end on a half byte in the source listing.
        // The missing low nibble is wildcarded with '?' so the rule compiles.
        $s0 = "::::" nocase
        $h1 = { A4 14 9F E1 7D 03 75 DB EB 42 CB DD 13 }
        $s2 = "DECRYPT" nocase
        $h3 = { D2 60 83 FB 28 6C E1 97 8D 9F 95 2B 46 D5 6A 3B 61 67 33 3? }
        $h4 = { C0 16 14 69 95 07 30 9B 7A 6? }
        $s5 = ".kappa" nocase
        $h6 = { 59 58 BA 25 55 A4 31 AD F2 F7 39 DC 58 1D 8B BF }
        $h7 = { 49 98 67 D4 6F 7A 42 E9 C6 A9 69 FF EF 00 00 1? }
    condition:
        // PE file ("MZ" header) under 5 MB that contains any two of the strings above
        uint16(0) == 0x5A4D and
        filesize < 5MB and
        2 of them
}
```
No IoCs
No ransom notes