List of the sites of the main cybercriminal and ransomware groups on the Dark Web (Updated 12/2023)
For some time now, encrypting the victim's files and demanding a sum in BTC/XMR as ransom has no longer been the only avenue of extortion. Cybercriminal gangs have found new, far more lucrative methods, and almost all of them lead to the publication, and sometimes the sale, of exfiltrated data on well-known Dark Web sites.
In this post we collect the main ones to date.
List of active ransomware (20/12/2023)
Ransomware markets (30/10/2021)
Offline (28/02/2023)
DarkTracer used to publish a list of the attacks carried out by the best-known ransomware groups, and DarkFeed publishes the updated list of URLs... and another and another and another and another and another.
Cristian, from the Segu-Info editorial team
Some URLs do not work in Tor because they specify https instead of http
The Akira ransomware is missing
/akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad[.]onion
Trigona URL?
updated
Good post!