Helldown

0/4 offline parser

Compare Crypto

32posts (all time)

0last 30 days

0last 7 days

0% avg uptime 30d

Parsing: enabled

View crypto

Description

Helldown is an emerging ransomware group first identified in August 2024, known for its fast-evolving and cross-platform threat capabilities. It exploits critical vulnerabilities—most notably CVE-2024-42057 in Zyxel firewalls—for initial access and demonstrates modular design and anti-detection mechanisms. Helldown targets both Windows and Linux environments, including VMware and ESXi systems. It employs a double-extortion strategy: encrypting files with randomized extensions via executables like hellenc.exe, and threatening victims with data dump releases via its Tor-hosted leak site.

External Analysis4

External Analysis
https://www.truesec.com/hub/blog/helldown-ransomware-group
https://blog.sekoia.io/helldown-ransomware-an-overview-of-this-emerging-threat
https://hivepro.com/threat-advisory/new-helldown-ransomware-a-growing-threat-across-cross-platform-systems
https://www.broadcom.com/support/security-center/protection-bulletin/helldown-ransomware

Ransom notes1

Readme.[id].txt txt

View all notes

Tox1

Tox
19A549A57160F384CF4E36EE1A24747ED99C623C48EA545F343296FB7092795D00875C94151E

Urls4

Url	Status	Uptime 30d
http://onyxcgfg4pjevvp5h34zvhaj45kbft3dg5r33j5vu3nyp7xic3vrzvad.onion/	Down	0%
http://onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion	Down	0%
http://www.helldown.org	Down	0%
http://onyxcb44xvqra35m3lp3z26kf2pxrlbn64nbzvyvzjyc3uykzrwcjdid.onion	Down	0%

Activity (interactive) 32

Posts32

Date	Title	Description
2024-11-06	klinkamkurpark	klinik-am-kurpark.de
2024-11-06	hausdesstiftens.org	hausdesstiftens.org
2024-11-06	nightnurse.ch	www.nightnurse.ch
2024-11-06	fuelco	fuelco-us.com
2024-11-06	VALLEYFIRM	valleyfirm.com
2024-11-06	children	generaldentistryforchildren.com
2024-11-06	knoxlawcenter	www.knoxlawcenter.com
2024-11-06	AMERICANVENTURE	americanventures.com
2024-11-06	CSIKBS	www.csikitchenandbath.com
2024-11-06	SANJACINTOCOUNY	www.co.san-jacinto.tx.us
2024-11-06	compassfs	www.compassfs.net
2024-11-06	lacliniqueducoureur	lacliniqueducoureur.com
2024-11-06	TIVOLI-33	tivoli-33.org
2024-11-06	qualiform.cz	www.qualiform.cz
2024-11-06	SMARTS-ENGINEER	www.smarts-engineering.de
2024-08-24	HBGJEWISHCOMMUN	www.jewishharrisburg.org
2024-08-22	cincinnatipainphysicians	www.cincinnatipainphysicians.com
2024-08-22	BARRYAVEPLATING	Here's something encrypted, password is required to continue reading.
2024-08-22	RSK-IMMOBILIEN	Here's something encrypted, password is required to continue reading.
2024-08-19	Khonaysser	Here's something encrypted, password is required to continue reading.
2024-08-18	kbo	Here's something encrypted, password is required to continue reading.
2024-08-17	zyxel	Zyxel.eu
2024-08-14	hugwi	hugwi.ch
2024-08-13	deganis	deganis.fr
2024-08-13	SCHLATTNER	SCHLATTNER.de
2024-08-13	XPERT	XPERT Business Solutions GmbH
2024-08-13	MyFreightWorld	MyFreightWorld
2024-08-13	cbmm	cbmm.org
2024-08-13	ATP	AZIENDA TRASPORTI PUBBLICI S.P.A.
2024-08-13	briju	briju.pl
2024-08-13	vindix	vindix.pl
2024-08-13	Albatros	Albatros S.r.l.