Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Vanhelsing

| RaaS

VanHelsing is a multi-platform RaaS operation that launched on March 7, 2025, requiring a $5,000 affiliate deposit and splitting ransoms 80/20, supporting Windows, Linux, BSD, ARM, and ESXi targets, reaching at least five victims across the US, France, Italy, and Australia within its first two months.
Extension(s): .vanhelsing .vanlocker
External information

Victims
8
 
First Discovered
2025-03-17
victim
Last Discovered
2025-04-05
victim
Inactive Since
1yr
more than
Avg Delay
5
days
Infostealer
37.5%
victims with domain
Countries
5
hit
View Victims on World Map View Group Statistics
Known Locations (7)
Favicon Title Type Available Last Visit Server Info FQDN
favicon VanHelsing Chat No 2026-04-28T07:31:21 vanhelqmjstkvlhrjwzgjzpq422iku6wlggiz5y5r3rmfdeiaj3ljaid.onion
favicon VanHelsing Chat No 2026-04-28T07:33:27 vanhelsokskrlaacilyfmtuqqa5haikubsjaokw47f3pt3uoivh6cgad.onion
favicon VanHelsing Blog No 2026-04-28T07:34:21 vanhelxjo52qr2ixcmtjayqqrcodkuh36n7uq7q7xj23ggotyr3y72yd.onion
favicon VanHelsing Blog No 2026-04-28T07:21:37 vanhelvuuo4k3xsiq626zkqvp6kobc2abry5wowxqysibmqs5yjh4uqd.onion
favicon VanHelsing Blog No 2026-04-28T07:23:56 vanhelwmbf2bwzw7gmseg36qqm4ekc5uuhqbsew4eihzcahyq7sukzad.onion
favicon VanHelsing Chat No 2026-04-28T07:26:34 vanheltarnbfjhuvggbncniap56dscnzz5yf6yjmxqivqmb5r2gmllad.onion
favicon VanHelsing Chat No 2026-04-28T07:29:06 vanhelcbxqt4tqie6fuevfng2bsdtxgc7xslo2yo7nitaacdfrlpxnqd.onion
Target
Top 5 Activity Sectors
  • Business Services 2
  • Technology 2
  • Healthcare 2
  • Financial Services 1
  • Public Sector 1
Top 5 Countries
  • US flag United States 4
  • CL flag Chile 1
  • AU flag Australia 1
  • IT flag Italy 1
  • FR flag France 1
Heatmap
Ransom Notes (1)
YARA Rules (1)
Indicators of Compromise (IoCs) (12)
Bitcoin Wallet 2 Hash MD5 7 IP Address 2 tox 1
Type IOC
Bitcoin Wallet bc1q0cuvj9eglxk43v9mqmyjzzh6m8qsvsanedwrru
Bitcoin Wallet bc1qw92kdpnedjd037lxej9q9336y05v7gql0u4qcv
Hash MD5 084deb26cd9d8eff3f972e8e0c4adfe6
Hash MD5 3e063dc0de937df5841cb9c2ff3e4651
Hash MD5 5b28a0fc21ba079b380effb30e853132
Hash MD5 5c254d25751269892b6f02d6c6384aef
Hash MD5 6dc5021a0cbdbe6dea26d78afb43ebb3
Hash MD5 97150d47ea7779101be6582fc329c2cd
Hash MD5 d7ad18e63064ef80cc6b98db54516f6f
IP Address 193.37.69.162
IP Address 193.37.69.225
tox FEE914521FB507AB978107ACE3B69B4CA41DA89859408BAE23E1512E8C2E614A26C5FFD482A3
Victims (8)
Logo
caschile.cl CL
Vanhelsing
Discovered: 2025-04-05 (1y ago)
CAS–CHILE® is a company with 30 years of experience in the Information Technology market, dedicated …
Logo
attorneykohm.com US
Vanhelsing
Discovered: 2025-03-31 (1y ago)
Attorney David KohmOffices throughout the Dallas Fort Worth AreaThe Law Offices of David Kohm have p…
Logo
alertenterprise.com US
Vanhelsing
Discovered: 2025-03-31 (1y ago)
At the core of our mission is the seamless convergence of advanced physical access control, identity…
Logo
compumedics.com.au AND neuromedicalsupplies.com AU
Vanhelsing
Discovered: 2025-03-26 (1y ago)
A global leader in the development, manufacture and commercialisation of diagnostic technologies for…
Logo
studiocdlvallone.it IT
Vanhelsing
Discovered: 2025-03-24 (1y ago)
We put commitment, curiosity, passion, optimism into our work every day, with a single important goa…
Logo
www.medsrx.com US
Vanhelsing
Discovered: 2025-03-19 (1y ago)
In a world where technology makes everything easier, the old school pharmacy experience is still har…
Logo
Atos-racks.com FR
Vanhelsing
Discovered: 2025-03-18 (1y ago)
ATOS designs, develops and manufactures in France enclosure products for the electronics industry: c…
Logo
www.cityofbellville.com US
Vanhelsing
Discovered: 2025-03-17 (1y ago)  ·  Attack est.: 2025-03-12
Bellville is a city in and the county seat of Austin County, Texas, in the southeastern part of the …