Kraken
Compare
Parsing: enabled
Known RaaS
Description
Kraken leak blog (hellokitty)
Kraken is a ransomware family first observed in August 2018 as a Ransomware-as-a-Service (RaaS) operation promoted on underground forums. The malware encrypts files with AES encryption (keys protected with RSA) and appends the .kraken extension to encrypted files. Early versions distributed by affiliates were bundled with Azorult spyware, enabling credential and cryptocurrency wallet theft before encryption. Kraken’s operators enforced strict rules for affiliates, including geographic restrictions on attacks, and provided customizable ransom notes and payment portals. Victims were instructed to pay in Bitcoin via Tor-hosted sites. Distribution methods included malicious email attachments, compromised RDP services, and downloads from malicious or compromised websites. Although its activity declined significantly after late 2018, Kraken remains notable for its hybrid model of ransomware deployment combined with credential theft.
External Analysis3
| External Analysis |
|---|
| https://www.mcafee.com/blogs/other-blogs/mcafee-labs/kraken-cryptor-ransomware-as-a-service/ |
| https://www.bleepingcomputer.com/news/security/kraken-ransomware-distributed-via-malware-infected-installers/ |
| https://research.checkpoint.com/kraken-cryptor-distributed-infected-installer/ |
Ransom notes1
Urls1
| Url | ||||
|---|---|---|---|---|
| http://krakenccj3wr23452a4ibkbkuph4d6soyx2xgjoogtuamc3m7u7wemad.onion/ | Down |
|
File servers16
| Url | ||||
|---|---|---|---|---|
| http://zq3k4odlfpbzc5y4sxqgolivelxepceaakru3xqo4ll2czmvvtek2ryd.onion/ | Up |
|
||
| http://t3uouzfvsaqurb2rzoe2mkpetp54d7lgtl45ply34v5lugsnzysmkhid.onion/ | Up |
|
||
| http://mvr2bidstp52pkaybzccjueux4hqbkukuqiss6vhn72qwqruzc7awsid.onion/ | Down |
|
||
| http://vmnnrqf3gs3kl2kfnxatughwmnlyq6qxzyx24ylyh2w36vw3gqwqjpqd.onion/ | Up |
|
||
| http://ko3lwb6glib74kmol5ov5cphabwqmifb5lnjw4bvj75jpfigrfbn7gid.onion/ | Down |
|
||
| http://wkqvktnmr2slazl76opbkdli4ia6gznhxln2z5wny54hf4kzjwgqvxyd.onion/ | Up |
|
||
| http://cjhuttkivmtrf6itrmyoqnxw55isy3dh6u5ifc3fnhajp7lwn5deflid.onion/ | Up |
|
||
| http://3cxvgnwvbzzfm2abzxidi76uib53vsjudsavgzm4viaj26drkcdl6wad.onion/ | Up |
|
||
| http://ab2v4xzffr24pdmswqzrbg45pwsget4h7eyd4swxewuqbxmlwcju7lad.onion/ | Up |
|
||
| http://fk5c3gxraixjl3p7zacchn4jvew35vxo5xpedqf2qtlynsheqymampid.onion/ | Up |
|
||
| http://yjsknaecbmhvrsagrcwqelpojnbcllt6v27vxebxhnotd3wu67onc5qd.onion/ | Up |
|
||
| http://kxntyq6yyfomjoqqya6px7pgc6mbfcbaejryxhiwpntcnlr7hopqj3yd.onion/ | Down |
|
||
| http://ebcbyeua65jtsnbsqsjahurkfj6yndhcwnnfxvwwg4yegb5h7fxjc5ad.onion/ | Down |
|
||
| http://2lqlecl4q4hkrb3rl5p27b4hptnz7lqaaux5uca3g6pylpqlhqyafvad.onion/ | Up |
|
||
| http://74fwiwaeqvtuf6uddankq5pzq637zpput3qxzq36fcxkhltq5plcxdqd.onion/ | Down |
|
||
| http://2teh35rkn63fvigugpqroctxol2yfn745k57jmk23d42fwuujpfpnpid.onion/ | Up |
|
Chat servers2
| Url | ||||
|---|---|---|---|---|
| http://xbupelqsy7lubogl6kdtdqguxoleehbxnuuqm2dos6bbmdwablpqckad.onion/ | Down |
|
||
| http://2puszzzqvfv2eco7idbt2fznn2iwlsw27ns5xq3ad257mui2keakacqd.onion/ | Down |
|
Activity (interactive) 27
Posts27
| Date | Title | Description | Screen |
|---|---|---|---|
| www.pointcag.com | POINT provides expert Construction Management Consulting and Litigation Services with objectivity and reliability. http://o5... | Screen | |
| www.ronvil.com | Ronemus & Vilensky LLP is a New York-based law firm specializing in personal injury, civil rights, medical malpractice, and acci... | Screen | |
| The Last Haven Board | In an era where digital communication is both ubiquitous and increasingly scrutinized, the concept of online anonymity has becom... | Screen | |
| www.mada.com.kw | Mada Communications formerly known as ARAB TELECOMMUNICATIONS (ArabTel) is a leading service provider, offering wireless broadba... | Screen | |
| www.optyma.co.uk | Established in 1987, Optyma is a principle provider of integrated security systems. Our expertise in the design, implementation,... | Screen | |
| www.pomerandboccia.com | Pomer & Boccia has been in business since 1989 and operates a debt recovery division located in Woodbridge, Ontario near the int... | Screen | |
| www.wheelsauto.com | "For over 35 years Wheels Automotive Dealer Supplies has been Canada’s leader in Automotive retail products - as a manufacturer,... | Screen | |
| www.georgeallenconstruction.com | George Allen Construction specializes in providing innovative solutions for railroad construction projects, catering to the un... | Screen | |
| www.selt-sistemi.com | The first part of leak http://t3uouzfvsaqurb2rzoe2mkpetp54d7lgtl45ply34v5lugsnzysmkhid.onion/... | Screen | |
| www.ctntelco.com | Cyber security, cloud services? Hah... ok Pwned http://zq3k4odlfpbzc5y4sxqgolivelxepceaakru3xqo4ll2czmvvtek2ryd.onion/... | Screen | |
| www.sanmarti.es | Transportes Sanmarti SA http://3cxvgnwvbzzfm2abzxidi76uib53vsjudsavgzm4viaj26drkcdl6wad.onion/... | Screen | |
| www.humac.dk | Humac was established in 1989 and has sold and serviced Apple products ever since. Humac is to bring the HUman and MAC's together, and it has since 1989 been our goal to provide the best Customer experience through the purchase and servicing of Apple products. Humac is the largest independent Apple Premium Partner in the Nordic region. The head office is located in Copenhagen, denmark, where also our customer service responds to inquiries and calls from all of our customers. Humac A/S is owned by the Italian C&C, Europe's largest Apple Premium Partner with 122 stores in Europe (Italy, France, Sweden, Finland, Estonia, Latvia, and Denmark). Humac is the only company in Denmark is certified by Apple as Apple Premium Partner (APP), and it means that we have met Apple's highest level of sales and service autorisationer and, therefore, we live up to Apple's claims about the exposure of the products and the level of education of our employees. http://kxntyq6yyfomjoqqya6px7pgc6mbfcbaejryxhiwpntcnlr7hopqj3yd.onion/ | Screen | |
| www.prival.com | Banking · Panama http://yjsknaecbmhvrsagrcwqelpojnbcllt6v27vxebxhnotd3wu67onc5qd.onion | Screen | |
| www.skcounsel.com | Scott & Kraus, LLC is a boutique law firm located in Chicago specializing in commercial finance. The firm serves a diverse range of clients, from start-ups to Fortune 100 companies across the United States, and is dedicated to providing high-quality legal representation. Their experienced attorneys utilize a collaborative approach to deliver superior outcomes and build lasting relationships with clients. With a strong focus on professionalism and transparency, Scott & Kraus, LLC is committed to protecting their clients' interests and ensuring efficient business operations. http://fk5c3gxraixjl3p7zacchn4jvew35vxo5xpedqf2qtlynsheqymampid.onion | Screen | |
| www.continental.aero | www.continental.aero Continental Aerospace Technologies is a global leader in General Aviation. They are the only company to offer a full range of gasoline and Jet-A engines, as well as avionics services. Continental Aerospace Technologies was founded in 1905 and is based in Alabama, the United States. http://ab2v4xzffr24pdmswqzrbg45pwsget4h7eyd4swxewuqbxmlwcju7lad.onion | Screen | |
| www.sanmarti.es | www.sanmarti.es Transportes Sanmarti SA http://3cxvgnwvbzzfm2abzxidi76uib53vsjudsavgzm4viaj26drkcdl6wad.onion/ | Screen | |
| www.anubis-cosmetics.com | www.anubis-cosmetics.com ANUBIS COSMETICS, S.L. http://cjhuttkivmtrf6itrmyoqnxw55isy3dh6u5ifc3fnhajp7lwn5deflid.onion/ | Screen | |
| www.floralimited.com | www.floralimited.com Flora Limited http://wkqvktnmr2slazl76opbkdli4ia6gznhxln2z5wny54hf4kzjwgqvxyd.onion | Screen | |
| www.ultrarapit.net | www.ultrarapit.net ULTRA RAPIT, S.L. http://ko3lwb6glib74kmol5ov5cphabwqmifb5lnjw4bvj75jpfigrfbn7gid.onion/ | Screen | |
| www.kvhealth.net | Screen | ||
| www.circul-aire.com, www.dectron.com | Screen | ||
| ctntelco.com | Screen | ||
| www.fudpucker.com | Screen | ||
| www.mgl.law | Screen | ||
| www.cdprojekt.com | Screen | ||
| www.cisco.com | Screen | ||
| Kitty cookies | Screen |
