KrakenWare Active

Ransomware group first observed in 2023. Uses TDSSKiller for deployment.
PDF Report Back to Groups
0
Total Victims
2023-08-01
First Seen
2026-02-10
Last Seen
0
Known TTPs
29.2d
Avg Delay
0
Negotiations
ONION URLS
znrp6lz2thpwmwafqik2zx7nlf7yqvlmc6gpknnwkp5mc3hnmxnh4eg6.onion
TOOLS
TDSSKiller Cloudflare Tunnel ConnectWise
FILE EXTENSIONS
.dark
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded

No TTPs data

No YARA rules

TypeValueDescriptionCopy
tox B5F1EFC45FEB77CABBAFFBE5CF76CCAF2EDC2AA8BA8C22A6FB8AF18E4DDDAB058DD7F34FCECB Associated with KrakenWare ransomware
ip 145.5.63.180 Infrastructure linked to KrakenWare
sha256 27bf14b2f6a40e8d2fb6904faaab5075a0fc0c4ed39508a9e7a57707013eb6b7 Ransomware binary hash - KrakenWare campaign
sha256 32739b5224b8119f9d1bc4d77257180ea2d590088cb8c3f30bd72224f0fb6f08 Ransomware binary hash observed in KrakenWare attacks
email recover414@onionmail.org Associated with KrakenWare ransomware
sha256 e44a8a47a3fa10c2d53d8bf4ef075ea9ee92ed2a543ec8b1042d41b63649a7c7 Associated with KrakenWare ransomware
md5 ae1acd47408f10f8c6541d0765f6435d Associated with KrakenWare ransomware
email help338@airmail.cc Contact email - KrakenWare campaign
sha1 83ba68137898ed5c2d24256033d6935b54724d3b Infrastructure linked to KrakenWare
btc bc1qalrby0vz611186vtn0pbheumrrcinftcmbhkln Associated with KrakenWare ransomware
ip 221.222.82.63 C2 server IP - KrakenWare campaign
email contact230@tutanota.com Contact email observed in KrakenWare attacks
email payment331@onionmail.org Contact email - KrakenWare campaign

No ransom notes