22 Feb 2021

List of the sites of the main cybercriminal and ransomware groups on the Dark Web (Updated 12/2023)

For some time now, encrypting the victim's files and demanding a sum in BTC/XMR as ransom has no longer been the only avenue of extortion. Cybercriminal gangs have found new, far more lucrative methods, and almost all of them lead to the publication, and sometimes the sale, of exfiltrated data on well-known Dark Web sites.

In this post we compile the main ones to date.

List of active ransomware (20/12/2023)


Ransomware markets (30/10/2021)


Offline (28/02/2023)


DarkTracer used to publish a list of the attacks carried out by the best-known ransomware groups, and DarkFeed publishes the updated list of URLs, as do several other sources.

Cristian, from the Segu-Info editorial team
