Total Victims: 0
First Seen: 2025-10-01
Last Seen: 2025-09-05
Known TTPs: 0
Avg Delay: 11.2d
Negotiations: 0
ONION URLS
ekbdjg67ygafmvzx2i5n3wklz23alnlsa225c6xsqnzrqro5tre4y3fx.onion
TOOLS
MegaSync WinSCP Ligolo Certify
FILE EXTENSIONS
.gone
ACTIVITY TIMELINE / TOP SECTORS / TOP COUNTRIES / ACTIVITY HEATMAP: chart panels, no data rendered
Date Victim Name Country Sector Status
No victims recorded

No TTPs data

SplinterHack_rule_1 Elastic Security
rule SplinterHack_ransomware_1 {
    meta:
        description = "Detects SplinterHack ransomware"
        author = "RansomwareMonitor"
        date = "2026-03-06"
        hash = "b5ec0ff70d0130b159368c06f0301de784b30f0ac863df4ca957d208ff42c344"

    strings:
        // YARA hex strings require whole bytes; the final byte of $h0 and $h2
        // appears as a single nibble in the source (truncated), so the missing
        // low nibble is wildcarded here rather than guessed.
        $h0 = { 06 5C 70 11 F4 A1 B3 30 EB 5B CF F4 DE 2A 8? }
        $h1 = { 77 DF B2 9F 39 32 55 21 DF 63 8A C2 B2 B5 72 62 4B 24 }
        $h2 = { 6E 84 63 6C 6F 5B 96 18 86 26 69 65 90 3C FE 5? }

    condition:
        // PE header ("MZ"), size cap, and all three byte patterns present
        uint16(0) == 0x5A4D and
        filesize < 5MB and
        3 of them
}
Type Value Description
email info393@tutanota.com Contact email - SplinterHack campaign
sha1 914999b72b01f3d3e31971c62200825d33e3948a Associated with SplinterHack ransomware
sha1 c17e332968511ed6edc7062ed5cc2143709a0a63 Infrastructure linked to SplinterHack
sha1 2bf776c28d615a1d935e2e4506219356d795e9e9 Infrastructure linked to SplinterHack
tox ABB7CE515FE85FF2C2D3EFAA3EE5ABE2E09BED20D49C6C5E0AE45A42D0DCA96FE602EAF4AC34 Infrastructure linked to SplinterHack
btc bc1qzsjbhythr9kg4ye6rz1q663b4m5hh6ek06b4i7 Bitcoin ransom address - SplinterHack campaign
email payment244@protonmail.com Associated with SplinterHack ransomware
ip 163.86.12.244 Infrastructure linked to SplinterHack
btc bc1qbcy9e9a98f9ns8exuc39xmrqd1wp7tcecrchfc Bitcoin ransom address observed in SplinterHack attacks
md5 29c550dcb3117b3b4e8637b80111210f Malware sample hash - SplinterHack campaign
ip 162.161.207.129 Associated with SplinterHack ransomware
sha256 fd6fcec77292aaf7979cc1571b5bfde7857b45b2bd84b2303d7e42d5ecabf283 Associated with SplinterHack ransomware

No ransom notes