Ransomware.live - Group : Hive

Ransomware Group:

Hive

Sponsored by Hudson Rock – Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Hive is a strain of ransomware that was first discovered in June 2021. Hive was designed to be used by Ransomware-as-a-service providers, to enable novice cyber-criminals to launch ransomware attacks on healthcare providers, energy providers, charities, and retailers across the globe. In 2022 there was a switch from GoLang to Rust.

Sites

Favicon	Title	Type	Available	Last Visit	FQDN	Screenshot
	This domain has been seized		🔴	2025-01-28 10:00:55.671604	hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion	N/A
	This domain has been seized		🔴	2025-01-28 10:01:47.232866	hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion	N/A
	This domain has been seized		🔴	2025-01-28 10:02:18.834975	hiveapi4nyabjdfz2hxdsr7otrcv6zq6m4rk5i2w7j64lrtny4b7vjad.onion	N/A

External information

Tools used

Discovery	RMM Tools	Defense Evasion	Credential Theft	OffSec	Networking	LOLBAS	Exfiltration
Advanced IP Scanner	Atera	GMER		Cobalt Strike		BCDEdit	MEGA
Bloodhound	ScreenConnect	PCHunter		Impacket		BITSAdmin	PrivatLab
SoftPerfect NetScan	Splashtop			Metasploit		Windows Event Utility (wevtutil)	RClone
				Meterpreter		WMIC	Sendspace
				PowerShell Empire			UFile

This information is provided by Ransomware-Tool-Matrix

Yara Rules

Click here to open yara rules

Negotiation chats

Name	# Msg	Initial Ransom	Negotiated Ransom	Paid
20211220	24	N/A	N/A
20211126	4	N/A	N/A
20211026	46	N/A	N/A
20211213	15	N/A	N/A
20211004	70	N/A	N/A
20211113	136	N/A	N/A
20211005	19	N/A	N/A
20211102	58	N/A	N/A

This information is provided by Valéry Marchive & Julien Mousqueton

Ransom Note(s)

Click here to see Ransom Note(s)

Activity over time

Worldmap

208 Victims

R C Stevens Construction

Ransomware Group:

Discovery Date: 2023-01-16 23:15

Sector:

As commercial construction specialists in Orlando, we provide new construction and renovation services with an emphasis on design/build. R. C. Stevens is qualified to design and construct any type of commercial construction project in Orlando. We offer all of the necessary resources to meet each client’s specific project needs for design and construction services related to manufacturing/industrial, commercial, healthcare, financial, religious, and renovations. At. R. C. Stevens, the spirit of innovation can be found in each and every Orlando commercial construction project we do. Every team member at R.C. Stevens strives daily to uphold the founding principles of quality and integrity as having long been a company tradition since 1926.

Victim: | Group:

G.W. Becker

Ransomware Group:

Discovery Date: 2023-01-11 21:19

Sector:

***** DATA IS COMING SOON **** G.W. Becker, Inc. is a full service, single source, provider of choice for quality overhead crane products and solutions. Family owned since 1980, we have grown from a local overhead crane parts supplier to a recognized industry leader offering a full spectrum of overhead crane related products and services throughout North America. Proud to be an Executive Member of the Crane Manufacturer’s Association of America, we design and manufacture custom overhead cranes, hoists and components to CMAA Specifications (Class “A” through “F”) or AIST Technical Report #6. We utilize our knowledgeable in-house team of mechanical, structural and electrical engineers to offer application assistance, custom design engineering and manufacturing of overhead crane products with our customers’ needs first and foremost. Empowered with highly trained and qualified technicians, G.W. Becker, Inc. provides self-performing installations, inspections and field service repairs for all makes and models of overhead cranes; providing compliance with local regulations and ensuring a safe and productive material handling operation. Staying true to our mission and values, we strive to understand our customers’ needs and deliver specialized expertise and long-term planning solutions for the unique challenges of purchasing and maintaining overhead crane and hoist equipment.

Victim: | Group:

Consulate Health Care

Ransomware Group:

Discovery Date: 2023-01-06 07:20

Sector:

Consulate Health Care is a leading provider of senior healthcare services, specializing in post-acute care. We offer services ranging from comprehensive short-term rehabilitation and transitional care to Alzheimer’s and dementia care. Consulate Health Care began as a small provider in Cheswick, PA with a strong focus on patient needs. We haven’t waivered from that focus, which has strengthened our family and allows us to sustain jobs in many communities, create rigorous systems of care and deploy technology that makes it easier to understand patient needs. Even as we’ve grown to provide services across 5 states, it’s the little things we do while fulfilling our mission statement of "Providing Service with Our Hearts and Hands" that really makes the difference. From visiting with our patients while they eat, to pulling up the sheets to just the right height, our employees care for patients like family, not because it’s their job, but because it’s their calling.

Victim: | Group:

Centro Médico Virgen De La Caridad

Ransomware Group:

Discovery Date: 2022-12-31 16:02

Sector:

Grupo Centro Médico Virgen de la Caridad, a private health company with its own identity that was born in 1981 in the city of Cartagena, where it is headquartered, currently has 2 hospitals (Cartagena and Caravaca), 20 polyclinics, 23 physiotherapy clinics and 16 dental clinics , which are distributed throughout different parts of the Region of Murcia and Orihuela Costa. In addition, the group has 1 aesthetic clinic (Cartagena), plus 1 Ophthalmological clinic (Cartagena). The health entity that is committed to global, close, accessible and highly qualified care, is made up of more than 600 professionals (including health, administrative and patient care personnel) whose purpose is to offer a wide range of services on a daily basis under the better and more complete health care. All our centers are equipped with the most advanced technology, an essential support, which together with our highly qualified human capital, has made us, over almost 40 years of activity, a benchmark in private medicine in the Region of Murcia. We welcome you to Grupo Centro Médico Virgen de la Caridad, where new challenges are not a problem but a challenge for growth and improvement in private healthcare .

Victim: | Group:

Camst Group

Ransomware Group:

Discovery Date: 2022-12-30 09:50

Sector:

Camst Group is a company that specializes in restaurant services. It offers catering & banqueting, restaurant & bars, catering at the fair, and collective cater.

Victim: | Group:

MHMR Authority Of Brazos Valley

Ransomware Group:

Discovery Date: 2022-12-22 14:57

Sector:

The MHMR Authority of Brazos Valley is a public non-profit community MHMR center. Through the Texas Department of State Health Services and Texas Department of

Victim: | Group:

Alvaria

Ransomware Group:

Discovery Date: 2022-12-21 20:16

Sector:

Alvaria, (pronounced: ahl-vahr-ee-uh), a global leader delivering optimized customer experience and workforce engagement software and cloud services technology solutions.

Victim: | Group:

Interface

Ransomware Group:

Discovery Date: 2022-12-20 23:52

Sector:

**** 30% OF THE DATA IS COMING SOON **** Interface, Inc. is a global flooring company specializing in carbon neutral carpet tile and resilient flooring. Stocks: NASDAQ: TILE Equity: IF6N.F, IF6N.BE, IF6N.HA

Victim: | Group:

North Idaho College

Ransomware Group:

Discovery Date: 2022-12-20 16:56

Sector:

Founded in 1933, North Idaho College is a community college in Coeur d'Alene, Idaho.

Group:

Innovative Education Management

Ransomware Group:

Discovery Date: 2022-12-20 16:56

Sector:

Innovative Education Management (IEM) has been successfully developing and operating California charter schools since 1998

Group:

Dixons Allerton Academy

Ransomware Group:

Discovery Date: 2022-12-20 16:56

Sector:

Dixons Allerton Academy (formerly Rhodesway Academy) is a coeducational all-through school and sixth form located in Allerton area of the City of Bradford, in the English county of West Yorkshire.

Group:

City Of Huntsville, Texas

Ransomware Group:

Discovery Date: 2022-12-20 16:56

Sector:

Huntsville Texas is a city in the Texas Hill Country.

Group:

JAKKS Pacific Inc

Ransomware Group:

Discovery Date: 2022-12-20 03:17

Sector:

JAKKS Pacific, Inc. is a multi-brand company that, since 1995, has been designing, developing, producing and marketing toys, leisure products and writing instruments for children and adults around the world. The company has become a top six U.S. player in the toys and leisure products sector through product development, licensing agreements and strategic acquisitions. We believe our growth strategy is unique and built upon a concentrated effort to spread earnings across all four quarters. We have accomplished that by expanding and 'counter-seasonalizing' our product lines, adding new retail outlets and leveraging our product development and merchandising expertise on products with staying power. About JAKKS Pacific, Inc. JAKKS Pacific, Inc. is a leading designer, manufacturer and marketer of toys and consumer products sold throughout the world, with its headquarters in Santa Monica, California. JAKKS Pacific’s popular proprietary brands include: Fly Wheels®, Perfectly Cute®, ReDo Skateboard Co.®, X Power Dozer®, Disguise®, Weee-Do™ and a wide range of entertainment-inspired products featuring premier licensed properties. Through JAKKS Cares, the company’s commitment to philanthropy, JAKKS is helping to make a positive impact on the lives of children. Visit us at www.jakks.com and follow us on Instagram (@jakkstoys), Twitter (@jakkstoys) and Facebook (JAKKS Pacific).

Group:

Stolle Machinery

Ransomware Group:

Discovery Date: 2022-12-20 02:13

Sector:

**** ALL BLUEPRINTS OF ALL PRODUCT LINES WILL BE AVAILABLE SOON **** Stolle is the world's leading supplier of two piece can and end-making machinery for the global canmaking industry. Our high speed machines can be found in can plants around the world performing the value-added functions of the canmaking process.

Group:

Mark-Taylor

Ransomware Group:

Discovery Date: 2022-12-14 22:57

Sector:

Group:

Expand Group

Ransomware Group:

Discovery Date: 2022-12-14 21:01

Sector:

Group:

KNOX College

Ransomware Group:

Discovery Date: 2022-12-10 13:48

Sector:

Group:

INTERSPORT France

Ransomware Group:

Discovery Date: 2022-12-06 07:55

Sector:

Group:

Guilford College

Ransomware Group:

Discovery Date: 2022-11-25 15:09

Sector:

Group:

Norman Public Schools

Ransomware Group:

Discovery Date: 2022-11-23 17:19

Sector:

Group:

Hydro-Gear & Agri-Fab

Ransomware Group:

Discovery Date: 2022-11-15 17:38

Sector:

Group:

LCMH

Ransomware Group:

Discovery Date: 2022-11-15 07:38

Sector:

Group:

MCCROSSAN

Ransomware Group:

Discovery Date: 2022-11-10 13:33

Sector:

Group:

APM Terminals

Ransomware Group:

Discovery Date: 2022-11-08 17:18

Sector:

Group:

TCQ

Ransomware Group:

Discovery Date: 2022-11-07 23:08

Sector:

Group:

ROYAL GATEWAY CO., LTD

Ransomware Group:

Discovery Date: 2022-11-07 23:08

Sector:

Group:

Cornwell Quality Tools

Ransomware Group:

Discovery Date: 2022-11-07 21:13

Sector:

Group:

Landi Renzo

Ransomware Group:

Discovery Date: 2022-11-03 19:12

Sector:

Group:

Tata Power

Ransomware Group:

Discovery Date: 2022-10-24 21:40

Sector:

Group:

Município De Loures

Ransomware Group:

Discovery Date: 2022-10-09 11:41

Sector:

Group:

Mansfield Independent School District (MISD)

Ransomware Group:

Discovery Date: 2022-09-30 21:43

Sector:

Group:

Southwell, Inc.

Ransomware Group:

Discovery Date: 2022-09-27 21:20

Sector:

Group:

Hendry Regional Medical Center

Ransomware Group:

Discovery Date: 2022-09-27 07:59

Sector:

Group:

JANMARINI

Ransomware Group:

Discovery Date: 2022-09-27 01:43

Sector:

Group:

TAKAO-UK

Ransomware Group:

Discovery Date: 2022-09-26 23:13

Sector:

Group:

GFG

Ransomware Group:

Discovery Date: 2022-09-26 21:17

Sector:

Group:

TSMTU

Ransomware Group:

Discovery Date: 2022-09-26 19:13

Sector:

Group:

BHARBERT

Ransomware Group:

Discovery Date: 2022-09-21 21:28

Sector: Business Services

Group:

Sigmund Software

Ransomware Group:

Discovery Date: 2022-09-20 17:26

Sector: Information Technology

Group:

New York Racing Association

Ransomware Group:

Discovery Date: 2022-09-19 13:16

Sector: Others

Group:

Bell Technical Solutions

Ransomware Group:

Discovery Date: 2022-09-15 20:58

Sector: Internet & Telecommunication Services

Group:

FONTAINEBLEAU

Ransomware Group:

Discovery Date: 2022-09-15 11:16

Sector: Business Services

Group:

California-Oregon Telecommunications Company

Ransomware Group:

Discovery Date: 2022-09-06 21:07

Sector: Internet & Telecommunication Services

Group:

Eurocell

Ransomware Group:

Discovery Date: 2022-09-02 07:14

Sector: Manufacturing

Group:

NCG Medical

Ransomware Group:

Discovery Date: 2022-08-31 14:45

Sector: Information Technology

Group:

Altice International

Ransomware Group:

Discovery Date: 2022-08-25 19:21

Sector: Internet & Telecommunication Services

Group:

Baton Rouge General

Ransomware Group:

Discovery Date: 2022-08-24 20:59

Sector: Healthcare Services

Group:

Reiter Affiliated Companies

Ransomware Group:

Discovery Date: 2022-08-19 08:54

Sector: Agriculture

Group:

WOOTTON ACADEMY TRUST

Ransomware Group:

Discovery Date: 2022-08-18 12:58

Sector:

Group:

TriState HVAC Equipment

Ransomware Group:

Discovery Date: 2022-08-14 10:48

Sector: Advertising, Marketing & Public Relations

Group:

ENN Group

Ransomware Group:

Discovery Date: 2022-08-04 13:00

Sector: Energy & Utilities

Group:

CIMEX

Ransomware Group:

Discovery Date: 2022-07-27 14:52

Sector:

Group:

Weidmueller

Ransomware Group:

Discovery Date: 2022-07-27 13:03

Sector: Manufacturing

Group:

Empress EMS

Ransomware Group:

Discovery Date: 2022-07-26 17:13

Sector:

Group:

LaVan & Neidenberg

Ransomware Group:

Discovery Date: 2022-07-20 13:45

Sector: Business Services

Group:

Carrolls Irish Gifts

Ransomware Group:

Discovery Date: 2022-07-16 16:34

Sector: Wholesale & Retail

Group:

Behavioral Health System

Ransomware Group:

Discovery Date: 2022-07-14 16:26

Sector: Healthcare Services

Group:

FMT

Ransomware Group:

Discovery Date: 2022-07-14 16:26

Sector:

Group:

CITY-FURNITURE

Ransomware Group:

Discovery Date: 2022-07-14 16:26

Sector: Wholesale & Retail

Group:

RALLYE-DOM

Ransomware Group:

Discovery Date: 2022-07-14 16:26

Sector:

Group:

SANDO

Ransomware Group:

Discovery Date: 2022-07-13 18:25

Sector: Business Services

Group:

RTVCM

Ransomware Group:

Discovery Date: 2022-07-13 18:25

Sector:

Group:

AdaptIT

Ransomware Group:

Discovery Date: 2022-07-13 18:25

Sector: Information Technology

Group:

Exela Technologies

Ransomware Group:

Discovery Date: 2022-07-13 18:25

Sector: Information Technology

Victim: | Group:

APETITO

Ransomware Group:

Discovery Date: 2022-07-13 18:25

Sector: Manufacturing

Group:

GROUP4 AUSTRALIA

Ransomware Group:

Discovery Date: 2022-07-13 18:25

Sector: Business Services

Group:

Authentic Brands Group

Ransomware Group:

Discovery Date: 2022-07-13 18:25

Sector: Advertising, Marketing & Public Relations

Group:

Yurtiçi Kargo

Ransomware Group:

Discovery Date: 2022-07-04 18:30

Sector: Transportation

Group:

Hamlyns Limited

Ransomware Group:

Discovery Date: 2022-07-04 14:40

Sector: Business Services

Group:

DIRECTFERRIES

Ransomware Group:

Discovery Date: 2022-07-04 08:35

Sector: Business Services

Group:

MHIRE

Ransomware Group:

Discovery Date: 2022-07-04 08:35

Sector:

Group:

CAN.COM

Ransomware Group:

Discovery Date: 2022-07-04 08:35

Sector: Information Technology

Group:

AUM

Ransomware Group:

Discovery Date: 2022-07-04 08:35

Sector:

Group:

KDE

Ransomware Group:

Discovery Date: 2022-07-04 08:35

Sector: Information Technology

Group:

YURTICIKARGO

Ransomware Group:

Discovery Date: 2022-07-04 08:35

Sector:

Group:

Massy Distribution Limited

Ransomware Group:

Discovery Date: 2022-07-04 08:35

Sector: Wholesale & Retail

Group:

WWSTEELE

Ransomware Group:

Discovery Date: 2022-07-04 08:35

Sector: Manufacturing

Group:

NETWORK4CARS

Ransomware Group:

Discovery Date: 2022-07-04 08:35

Sector: Automotive

Group:

AG

Ransomware Group:

Discovery Date: 2022-07-03 08:38

Sector:

Group:

Rocky

Ransomware Group:

Discovery Date: 2022-07-02 18:45

Sector:

Group:

SuperAlloy Industrial Co., Ltd.

Ransomware Group:

Discovery Date: 2022-06-28 14:03

Sector: Manufacturing

Group:

Diskriter

Ransomware Group:

Discovery Date: 2022-06-28 14:03

Sector: Healthcare Services

Group:

Alphapointe

Ransomware Group:

Discovery Date: 2022-06-23 16:58

Sector: Community, Social Services & Non-Profit Organisations

Group:

Arte Radiotelevisivo Argentino (Artear)

Ransomware Group:

Discovery Date: 2022-06-23 13:50

Sector: Broadcasting

Group:

Goodman Campbell Brain & Spine

Ransomware Group:

Discovery Date: 2022-06-08 17:51

Sector: Healthcare Services

Group:

G&P Projects And Systems S.A.

Ransomware Group:

Discovery Date: 2022-05-30 22:28

Sector: Information Technology

Group:

Caracol TV

Ransomware Group:

Discovery Date: 2022-05-30 22:28

Sector: Broadcasting

Group:

Travira Air

Ransomware Group:

Discovery Date: 2022-05-28 20:31

Sector: Transportation

Group:

XEIAD

Ransomware Group:

Discovery Date: 2022-05-28 20:31

Sector: Business Services

Group:

SOUCY

Ransomware Group:

Discovery Date: 2022-05-26 14:40

Sector: Manufacturing

Group:

Guardian Fueling Technologies

Ransomware Group:

Discovery Date: 2022-05-26 04:32

Sector: Energy & Utilities

Group:

ChemStation International

Ransomware Group:

Discovery Date: 2022-05-26 04:32

Sector: Manufacturing

Group:

GUARDFUEL

Ransomware Group:

Discovery Date: 2022-05-25 20:33

Sector:

Group:

NUAIRE

Ransomware Group:

Discovery Date: 2022-05-25 19:35

Sector: Manufacturing

Group:

IGHQ

Ransomware Group:

Discovery Date: 2022-05-25 19:35

Sector:

Group:

Yachiyo Of America

Ransomware Group:

Discovery Date: 2022-05-25 13:47

Sector: Manufacturing

Group:

RateGain

Ransomware Group:

Discovery Date: 2022-05-24 14:28

Sector: Information Technology

Group:

SPORTPLAZA

Ransomware Group:

Discovery Date: 2022-05-20 16:24

Sector:

Group:

EIITNET

Ransomware Group:

Discovery Date: 2022-05-19 20:29

Sector: Business Services

Group:

CARTEGRAPH

Ransomware Group:

Discovery Date: 2022-05-19 20:29

Sector: Information Technology

Group:

Tri-Ko

Ransomware Group:

Discovery Date: 2022-05-19 14:28

Sector: Community, Social Services & Non-Profit Organisations

Group:

Faw-Volkswagen Automobile Co., Ltd.

Ransomware Group:

Discovery Date: 2022-05-04 14:34

Sector: Manufacturing

Group:

Monterey Mechanical Co.

Ransomware Group:

Discovery Date: 2022-04-29 13:40

Sector: Manufacturing

Group:

Attica Group

Ransomware Group:

Discovery Date: 2022-04-28 12:28

Sector: Shipping & Logistics

Group:

SSK Ingeniería Y Construcción S.A.C.

Ransomware Group:

Discovery Date: 2022-04-26 21:12

Sector: Business Services

Group:

MILLS GROUP

Ransomware Group:

Discovery Date: 2022-04-18 11:27

Sector:

Group:

FCCH

Ransomware Group:

Discovery Date: 2022-04-07 05:21

Sector:

Group:

PHC

Ransomware Group:

Discovery Date: 2022-03-29 22:22

Sector:

Group:

Konradin Mediengruppe GmbH

Ransomware Group:

Discovery Date: 2022-03-26 11:20

Sector:

Group:

Pollmann

Ransomware Group:

Discovery Date: 2022-03-25 10:24

Sector: Manufacturing

Group:

Passero Associates

Ransomware Group:

Discovery Date: 2022-03-24 18:23

Sector: Business Services

Group:

KONECTA SERVICIOS ADMINISTRATIVOS Y TECNOLOGICOS S.L. SUCURSAL ARGENTINA

Ransomware Group:

Discovery Date: 2022-03-24 08:31

Sector:

Group:

Banco Caribe

Ransomware Group:

Discovery Date: 2022-03-23 22:25

Sector: Financial

Group:

Asphalion

Ransomware Group:

Discovery Date: 2022-03-23 21:22

Sector: Manufacturing

Group:

Instituto De Gesto Estratégica De Sade Do Distrito Federal

Ransomware Group:

Discovery Date: 2022-03-23 15:24

Sector:

Group:

Wibag Bau Ag

Ransomware Group:

Discovery Date: 2022-03-23 14:35

Sector:

Group:

Otto Dörner GmbH & Co. KG

Ransomware Group:

Discovery Date: 2022-03-22 18:20

Sector: Energy & Utilities

Group:

GomeA

Ransomware Group:

Discovery Date: 2022-03-22 17:29

Sector:

Group:

Ministry For Foreign Affairs Of The Republic Of Indonesia

Ransomware Group:

Discovery Date: 2022-03-22 16:28

Sector: Government

Group:

UCSI University

Ransomware Group:

Discovery Date: 2022-03-22 15:20

Sector:

Group:

School District Of Janesville

Ransomware Group:

Discovery Date: 2022-03-22 14:20

Sector:

Group:

Rotoplas

Ransomware Group:

Discovery Date: 2022-03-22 13:26

Sector:

Group:

Centurion Stone

Ransomware Group:

Discovery Date: 2022-03-22 12:21

Sector:

Group:

Dayton T. Brown, Inc

Ransomware Group:

Discovery Date: 2022-03-22 11:23

Sector:

Group:

Centerline Communication Llc

Ransomware Group:

Discovery Date: 2022-03-22 10:24

Sector: Internet & Telecommunication Services

Group:

Polynt Group

Ransomware Group:

Discovery Date: 2022-03-22 09:19

Sector: Engineering

Group:

NSM Insurance Group

Ransomware Group:

Discovery Date: 2022-03-18 20:25

Sector: Financial

Group:

PAN AMERICAN ENERGY S.L. SUCURSAL ARGENTINA

Ransomware Group:

Discovery Date: 2022-03-04 12:23

Sector:

Group:

Steven L. Sugarman & Associates

Ransomware Group:

Discovery Date: 2022-02-25 15:23

Sector:

Group:

Palacios & Asociados

Ransomware Group:

Discovery Date: 2022-02-25 15:23

Sector:

Group:

Sit'N Sleep

Ransomware Group:

Discovery Date: 2022-02-25 15:23

Sector:

Group:

MAS & Coronis Health

Ransomware Group:

Discovery Date: 2022-02-25 15:23

Sector:

Group:

BERMAN SOBIN GROSS & DARBY

Ransomware Group:

Discovery Date: 2022-02-25 15:23

Sector:

Group:

Rocky's Ace Hardware

Ransomware Group:

Discovery Date: 2022-02-25 14:52

Sector:

Group:

Guts Superpols Co., Ltd.

Ransomware Group:

Discovery Date: 2022-02-25 14:52

Sector:

Group:

Ningbo Dechang Electric Machinery Manufacturing Co., Ltd.

Ransomware Group:

Discovery Date: 2022-02-25 14:52

Sector:

Group:

Tite - Live Belgique

Ransomware Group:

Discovery Date: 2022-02-25 14:52

Sector:

Group:

Shanghai Huizhong Automotive Manufacturing Co., Ltd.

Ransomware Group:

Discovery Date: 2022-02-25 14:52

Sector:

Group:

Supernus Pharmaceuticals, NASDAQ: SUPN

Ransomware Group:

Discovery Date: 2022-02-25 14:52

Sector:

Group:

Drake & Scull International PJSC

Ransomware Group:

Discovery Date: 2022-02-25 14:52

Sector:

Group:

Institute For Systems And Robotics (Isr-Lisboa

Ransomware Group:

Discovery Date: 2022-02-25 14:52

Sector:

Group:

Centre D'Odontologia Integrada Miret-Puig

Ransomware Group:

Discovery Date: 2022-02-25 14:52

Sector:

Group:

Hyundai Samho Heavy Industries Co.,Ltd. (South Korea)

Ransomware Group:

Discovery Date: 2022-02-25 14:52

Sector: Manufacturing

Group:

Rodonaves Transportes E Encomendas Ltda

Ransomware Group:

Discovery Date: 2022-02-25 12:23

Sector: Manufacturing

Group:

Eurocoin Interactive B.V.

Ransomware Group:

Discovery Date: 2022-02-25 12:23

Sector:

Group:

Emil Frey

Ransomware Group:

Discovery Date: 2022-02-25 12:23

Sector: Automotive

Group:

Friedrich

Ransomware Group:

Discovery Date: 2022-02-25 12:23

Sector:

Group:

Powerhouse1

Ransomware Group:

Discovery Date: 2022-02-25 12:23

Sector: Business Services

Group:

Doner

Ransomware Group:

Discovery Date: 2022-02-25 12:23

Sector: Advertising, Marketing & Public Relations

Group:

EBM

Ransomware Group:

Discovery Date: 2022-02-25 12:23

Sector:

Group:

ITS InfoCom

Ransomware Group:

Discovery Date: 2022-02-25 12:23

Sector: Information Technology

Group:

Vermeer Southeast

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Unita Locale Socio

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

The British Columbia Institute Of Technology

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Sutterfield Financial Group

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Schuldnerberatung Ostfriesland e. V.

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Sardinha Family Trust

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Sadbhav Engineering Limited

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Ryan Companies

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Résidence Les Chtaigniers

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Powell Transportation

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Northern Financial Services

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Montour School District

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Mele Printing

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Marten Transport

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Macquarie Health Corporation

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Johnson Memorial Health

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Haselden Construction

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Greenway Health

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Florida Sugar Cane League

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Family Christian Health Center

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Erik Buell Racing

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Creative Liquid Coatings INC

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector: Manufacturing

Group:

ConForm Automotive

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Claro Colombia

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Brinkman Turkey Farms

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Brakke Asbestsanering BV

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Bohlke International Airways

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

Advanced Geosciences

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

ANTHONY CATALFANO INTERIORS

Ransomware Group:

Discovery Date: 2022-01-25 15:22

Sector:

Group:

UNICRED

Ransomware Group:

Discovery Date: 2022-01-20 17:24

Sector:

Group:

RIVADIS

Ransomware Group:

Discovery Date: 2022-01-20 17:24

Sector:

Group:

Ezz Steel

Ransomware Group:

Discovery Date: 2022-01-09 23:19

Sector:

Group:

Metro.Us

Ransomware Group:

Discovery Date: 2021-12-28 14:21

Sector:

Group:

WOLSEY

Ransomware Group:

Discovery Date: 2021-12-20 09:18

Sector:

Group:

Madix Inc

Ransomware Group:

Discovery Date: 2021-12-20 08:20

Sector:

Group:

Altus Group

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

Mega Vision

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

HI FLY

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

IBC24 News

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

SS Design

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

GURTEEN

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

Net Ninjas

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

W.H. Stovall

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

Ospray Video

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

GK.NO

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

KBM UK

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

EMCO

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

Aria Systems

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

WAMGROUP

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

XacBank

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

APR Supply

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

Grupo5

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

MediaMarkt

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

GryphTech

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

Raveco

Ransomware Group:

Discovery Date: 2021-12-18 16:06

Sector:

Group:

Missouri Delta Medical Center

Ransomware Group:

Discovery Date: 2021-08-23 00:00

Sector: Healthcare and Public Health

Group:

Memorial Health System

Ransomware Group:

Discovery Date: 2021-08-14 00:00

Sector: Healthcare and Public Health

Group:

×

Infostealer information available for

Employees(s)	Customer(s)	Third Party Employee(s)

This information is provided by HudsonRock

×

/*
Hive ransomware
*/


rule Hive_v3
{
    meta:
        author = "rivitna"
        family = "ransomware.hive"
        description = "Hive v3 ransomware Windows/Linux/FreeBSD payload"
        severity = 10
        score = 100

    strings:
        $h0 = { B? 03 52 DA 8D [6-12] 69 ?? 00 70 0E 00 [14-20]
                8D ?? 00 90 01 00 }
        $h1 = { B? 37 48 60 80 [4-12] 69 ?? 00 F4 0F 00 [2-10]
                8D ?? 00 0C 00 00 }
        $h2 = { B? 3E 0A D7 A3 [2-6] C1 E? ( 0F | 2F 4?)
                69 ?? 00 90 01 00 }

        $x0 = { C6 84 24 ?? 00 00 00 FF [0-14] 89 ?? 24 ?? 00 00 00 [0-6]
                89 ?? 24 ?? 0? 00 00 [0-20] C6 84 24 ?? 0? 00 00 34 }
        $x1 = { C6 44 24 ?? FF [0-14] 89 ?? 24 ?? [0-6] 89 ?? 24 ?? [0-12]
                C6 ( 84 24 ?? 00 00 00 | 44 24 ?? ) 34 }

    condition:
        (((uint16(0) == 0x5A4D) and (uint32(uint32(0x3C)) == 0x00004550)) or
         (uint32(0) == 0x464C457F)) and
        (
            (2 of ($h*)) or (1 of ($x*))
        )
}


rule Hive_ESXI_v3
{
    meta:
        author = "rivitna"
        family = "ransomware.hive.esxi"
        description = "Hive v3 ransomware ESXI payload"
        severity = 10
        score = 100

    strings:
        $h0 = { 48 69 ?? B5 B4 1B 01 48 C1 E? 20 69 ?? 00 70 0E 00 29 ?? }
        $h1 = { 48 69 ?? 25 30 40 00 48 C1 E? 20 69 ?? 00 F4 0F 00 29 ?? }

        $a0 = "\\.(vm|vs)\\w+$\x00" ascii
        $a1 = "vim-cmd vmsvc/getallvms | grep -o -E '^[0-9]+' | xargs -r -n 1 vim-cmd vmsvc/power.off" ascii

        $b0 = "\x00%s.key.%s\x00" ascii
        $b1 = "\x00! export %s" ascii
        $b2 = "\x00+ export %s" ascii
        $b3 = "HOW_TO_DECRYPT.txt\x00" ascii
        $b4 = "\x00+notify /etc/motd\x00" ascii
        $b5 = "\x00+notify %s" ascii
        $b6 = "\x00+ prenotify %s" ascii
        $b7 = "\x00Stopping VMs\x00" ascii

    condition:
        (uint32(0) == 0x464C457F) and
        (
            (2 of ($h*)) or
            ((1 of ($a*)) and (2 of ($b*)))
        )
}


rule Hive_v5
{
    meta:
        author = "rivitna"
        family = "ransomware.hive"
        description = "Hive v5 ransomware Windows/Linux/ESXi payload"
        severity = 10
        score = 100

    strings:
        $h0 = { 00 03 D0 FF 48 01 ?? 48 C1 EA 15 48 69 D2 00 01 D0 FF
                48 01 ?? 8A 04 ?? 32 04 ?? }
        $h1 = { 68 00 FF 2F 00 53 [8-18] 68 00 FD 2F 00 53 [20-32]
                8A 04 ?? 32 04 ?? }
        $h2 = { 8A 04 10 48 8B 94 24 ?? 0? 00 00 32 04 0A
                48 8B 8C 24 ?? 0? 00 00 30 04 29 48 FF C5
                49 39 E? 0F 85 ?? ?? FF FF }
        $h3 = { 8A 04 10 48 8B 8C 24 ?? 0? 00 00 32 04 ?? [0-8]
                ( 41 30 | 30 ) 04 2? 48 FF C5 49 39 E? [0-4]
                0F 85 ?? ?? FF FF }
        $h4 = { 8A 04 01 32 04 16 8B 54 24 ?? 8B B4 24 ?? 0? 00 00
                30 04 3A 47 39 7C 24 ?? 0F 85 ?? ?? FF FF }

    condition:
        (((uint16(0) == 0x5A4D) and (uint32(uint32(0x3C)) == 0x00004550)) or
         (uint32(0) == 0x464C457F)) and
        (
            (1 of ($h*))
        )
}