Kraken

Parsing : Enabled

Known to be a RaaS

Description

Kraken leak blog (hellokitty)
Kraken is a ransomware family first observed in August 2018 as a Ransomware-as-a-Service (RaaS) operation promoted on underground forums. The malware encrypts files with AES encryption (keys protected with RSA) and appends the .kraken extension to encrypted files. Early versions distributed by affiliates were bundled with Azorult spyware, enabling credential and cryptocurrency wallet theft before encryption. Kraken’s operators enforced strict rules for affiliates, including geographic restrictions on attacks, and provided customizable ransom notes and payment portals. Victims were instructed to pay in Bitcoin via Tor-hosted sites. Distribution methods included malicious email attachments, compromised RDP services, and downloads from malicious or compromised websites. Although its activity declined significantly after late 2018, Kraken remains notable for its hybrid model of ransomware deployment combined with credential theft.

External Analysis
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/kraken-cryptor-ransomware-as-a-service/
https://www.bleepingcomputer.com/news/security/kraken-ransomware-distributed-via-malware-infected-installers/
https://research.checkpoint.com/kraken-cryptor-distributed-infected-installer/

Urls	Screen
http://krakenccj3wr23452a4ibkbkuph4d6soyx2xgjoogtuamc3m7u7wemad.onion/	Screen

File servers	Screen
http://zq3k4odlfpbzc5y4sxqgolivelxepceaakru3xqo4ll2czmvvtek2ryd.onion/	Screen
http://t3uouzfvsaqurb2rzoe2mkpetp54d7lgtl45ply34v5lugsnzysmkhid.onion/	Screen
http://mvr2bidstp52pkaybzccjueux4hqbkukuqiss6vhn72qwqruzc7awsid.onion/	Screen
http://vmnnrqf3gs3kl2kfnxatughwmnlyq6qxzyx24ylyh2w36vw3gqwqjpqd.onion/	Screen
http://ko3lwb6glib74kmol5ov5cphabwqmifb5lnjw4bvj75jpfigrfbn7gid.onion/	Screen
http://wkqvktnmr2slazl76opbkdli4ia6gznhxln2z5wny54hf4kzjwgqvxyd.onion/	Screen
http://cjhuttkivmtrf6itrmyoqnxw55isy3dh6u5ifc3fnhajp7lwn5deflid.onion/	Screen
http://3cxvgnwvbzzfm2abzxidi76uib53vsjudsavgzm4viaj26drkcdl6wad.onion/	Screen
http://ab2v4xzffr24pdmswqzrbg45pwsget4h7eyd4swxewuqbxmlwcju7lad.onion/	Screen
http://fk5c3gxraixjl3p7zacchn4jvew35vxo5xpedqf2qtlynsheqymampid.onion/	Screen
http://yjsknaecbmhvrsagrcwqelpojnbcllt6v27vxebxhnotd3wu67onc5qd.onion/	Screen
http://kxntyq6yyfomjoqqya6px7pgc6mbfcbaejryxhiwpntcnlr7hopqj3yd.onion/	Screen
http://ebcbyeua65jtsnbsqsjahurkfj6yndhcwnnfxvwwg4yegb5h7fxjc5ad.onion/	Screen
http://2lqlecl4q4hkrb3rl5p27b4hptnz7lqaaux5uca3g6pylpqlhqyafvad.onion/	Screen
http://74fwiwaeqvtuf6uddankq5pzq637zpput3qxzq36fcxkhltq5plcxdqd.onion/	Screen

Chat servers	Screen
http://xbupelqsy7lubogl6kdtdqguxoleehbxnuuqm2dos6bbmdwablpqckad.onion/	Screen
http://2puszzzqvfv2eco7idbt2fznn2iwlsw27ns5xq3ad257mui2keakacqd.onion/	Screen

Admin servers	Screen

Posts

Date	Title	Description	Screen
2025-07-25	www.mada.com.kw	Mada Communications formerly known as ARAB TELECOMMUNICATIONS (ArabTel) is a leading service provider, offering wireless broadba...	Screen
2025-07-22	www.optyma.co.uk	Established in 1987, Optyma is a principle provider of integrated security systems. Our expertise in the design, implementation,...	Screen
2025-07-15	www.pomerandboccia.com	Pomer & Boccia has been in business since 1989 and operates a debt recovery division located in Woodbridge, Ontario near the int...	Screen
2025-07-10	www.wheelsauto.com	"For over 35 years Wheels Automotive Dealer Supplies has been Canada’s leader in Automotive retail products - as a manufacturer,...	Screen
2025-07-10	www.georgeallenconstruction.com	George Allen Construction specializes in providing innovative solutions for railroad construction projects, catering to the un...	Screen
2025-07-06	www.selt-sistemi.com	The first part of leak http://t3uouzfvsaqurb2rzoe2mkpetp54d7lgtl45ply34v5lugsnzysmkhid.onion/...	Screen
2025-07-06	www.ctntelco.com	Cyber security, cloud services? Hah... ok Pwned http://zq3k4odlfpbzc5y4sxqgolivelxepceaakru3xqo4ll2czmvvtek2ryd.onion/...	Screen
2025-07-06	www.sanmarti.es	Transportes Sanmarti SA http://3cxvgnwvbzzfm2abzxidi76uib53vsjudsavgzm4viaj26drkcdl6wad.onion/...	Screen
2025-07-04	www.humac.dk	Humac was established in 1989 and has sold and serviced Apple products ever since. Humac is to bring the HUman and MAC's together, and it has since 1989 been our goal to provide the best Customer experience through the purchase and servicing of Apple products. Humac is the largest independent Apple Premium Partner in the Nordic region. The head office is located in Copenhagen, denmark, where also our customer service responds to inquiries and calls from all of our customers. Humac A/S is owned by the Italian C&C, Europe's largest Apple Premium Partner with 122 stores in Europe (Italy, France, Sweden, Finland, Estonia, Latvia, and Denmark). Humac is the only company in Denmark is certified by Apple as Apple Premium Partner (APP), and it means that we have met Apple's highest level of sales and service autorisationer and, therefore, we live up to Apple's claims about the exposure of the products and the level of education of our employees. http://kxntyq6yyfomjoqqya6px7pgc6mbfcbaejryxhiwpntcnlr7hopqj3yd.onion/	Screen
2025-07-04	www.prival.com	Banking · Panama http://yjsknaecbmhvrsagrcwqelpojnbcllt6v27vxebxhnotd3wu67onc5qd.onion	Screen
2025-07-04	www.skcounsel.com	Scott & Kraus, LLC is a boutique law firm located in Chicago specializing in commercial finance. The firm serves a diverse range of clients, from start-ups to Fortune 100 companies across the United States, and is dedicated to providing high-quality legal representation. Their experienced attorneys utilize a collaborative approach to deliver superior outcomes and build lasting relationships with clients. With a strong focus on professionalism and transparency, Scott & Kraus, LLC is committed to protecting their clients' interests and ensuring efficient business operations. http://fk5c3gxraixjl3p7zacchn4jvew35vxo5xpedqf2qtlynsheqymampid.onion	Screen
2025-07-04	www.continental.aero	www.continental.aero Continental Aerospace Technologies is a global leader in General Aviation. They are the only company to offer a full range of gasoline and Jet-A engines, as well as avionics services. Continental Aerospace Technologies was founded in 1905 and is based in Alabama, the United States. http://ab2v4xzffr24pdmswqzrbg45pwsget4h7eyd4swxewuqbxmlwcju7lad.onion	Screen
2025-07-04	www.sanmarti.es	www.sanmarti.es Transportes Sanmarti SA http://3cxvgnwvbzzfm2abzxidi76uib53vsjudsavgzm4viaj26drkcdl6wad.onion/	Screen
2025-07-04	www.anubis-cosmetics.com	www.anubis-cosmetics.com ANUBIS COSMETICS, S.L. http://cjhuttkivmtrf6itrmyoqnxw55isy3dh6u5ifc3fnhajp7lwn5deflid.onion/	Screen
2025-07-04	www.floralimited.com	www.floralimited.com Flora Limited http://wkqvktnmr2slazl76opbkdli4ia6gznhxln2z5wny54hf4kzjwgqvxyd.onion	Screen
2025-07-04	www.ultrarapit.net	www.ultrarapit.net ULTRA RAPIT, S.L. http://ko3lwb6glib74kmol5ov5cphabwqmifb5lnjw4bvj75jpfigrfbn7gid.onion/	Screen
2025-05-12	www.kvhealth.net		Screen
2025-05-12	www.circul-aire.com, www.dectron.com		Screen
2025-02-09	ctntelco.com		Screen
2025-02-09	www.fudpucker.com		Screen
2025-02-09	www.mgl.law		Screen
2025-02-09	www.cdprojekt.com		Screen
2025-02-09	www.cisco.com		Screen
2025-02-09	Kitty cookies		Screen