Ransomware.live: medusalocker

| Active

Medusa is a DDoS bot written in .NET 2.0. In its current incarnation its C&C protocol is based on HTTP, while its predecessor made use of IRC.

Victims

First Discovered

2022-11-15

victim

Last Discovered

2026-05-05

victim

Inactive Since

days

Avg Delay

83.1

days

Infostealer

39.3%

victims with domain

Countries

hit

View Victims on World Map View Group Statistics

Attack Velocity — Last 12 months

15 victims this month

Known Locations (5)

Title	Available	Last Visit	Server Info	FQDN
	No	2026-05-13T22:35:11		`qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion`
Ransomware blog – We will not give ourselves a name. Just watch out for the leakage of your data:)	No	2026-04-28T07:27:23		`z6wkgghtoawog5noty5nxulmmt2zs7c3yvwr22v4czbffdoly2kl4uad.onion`
Medusa Chat	No	2026-04-28T07:22:16		`95.143.191.148:3000`
Human Verify	No	2026-04-28T07:29:55		`medusaxko7jxtrojdkxo66j7ck4q5tgktf7uqsqyfry4ebnxlcbkccyd.onion`
File Manager	Yes	2026-05-13T22:36:37	nginx 1.24.0	`t33zoj4qwv455fog7qnb2azi5xcdxkixughmmduzbw2rtdgryqfbh6id.onion`

Target

Heatmap

Ransom Notes (1)

Tools Used

This information is provided by Ransomware-Tool-Matrix
Discovery	RMM Tools	Defense Evasion	Credential Theft	OffSec	Networking	LOLBAS	Exfiltration
Advanced IP Scanner Advanced Port Scanner SoftPerfect NetScan	Remote Desktop Plus (RDP+) placeholder placeholder	HRSword PCHunter ProcessHacker	Invoke-TheHash Mimikatz placeholder	Impacket placeholder placeholder	placeholder placeholder placeholder	PsExec placeholder placeholder	placeholder placeholder placeholder

TTPs Matrix (1)

This information is provided by Crocodyli & Ransomware.live
Privilege Escalation
Parent PID Spoofing

YARA Rules (1)

Indicators of Compromise (IoCs) (25)

Email 2 Hash SHA256 20 Registry Key 1 tox 2

Type	IOC
`Email`	`ithelp07@decorous.cyou`
`Email`	`ithelp07@wholeness.business`
`Hash SHA256`	`012657c4548d9c98223caa4cc7aa52fc083d6983d42fde16ca3271412e7fe3fe`
`Hash SHA256`	`1e9246e6a35731143368eaa0ade4f3cf576d6b22e6090152f6e94f1fa3070651`
`Hash SHA256`	`1f2df15442593b159e45d16a27e4d43d3a9062da212a588ba4c048f214a0b7be`
`Hash SHA256`	`270c3354b3ee2940b499e365eaba143fba9d458f434dc38e663dc0f08e96121e`
`Hash SHA256`	`2eddfe711c32ef1668e14a10d00452c83c29e394e17c41f491550a1583c1bcac`
`Hash SHA256`	`33a8024395c56fab4564b9baef1645e505e00b0b36bff6fad3aedb666022599a`
`Hash SHA256`	`364f1b7466d8e4c9f55294ecf1f874c763bcf980c59b0250c613ac366def6aca`
`Hash SHA256`	`48046fb0e566f5a2d184f84b76d6cadc458762556daed0ae4a3a1200afbefb54`
`Hash SHA256`	`5d5d639fdfbf632bb7d9f1bb28731217d09d36078ab5e594baf2a5a41267a5d2`
`Hash SHA256`	`63eb3d2886d9cb880c9b0d54b94f3e149b3b5b6215a33a0ef63588a09dcd4499`
`Hash SHA256`	`6ae3a58a78be9c606009c657de4e390538b21ad951e62b6f4d31138e1a75732c`
`Hash SHA256`	`759b96f44806578cc0836a3a2bf11c8bc553effac72f8d28b94aec78b66be906`
`Hash SHA256`	`86b4d075d5bd0c49cbb21fd43935789b6612a2165273cc158dd0607b68941d04`
`Hash SHA256`	`8bc455e5de35290f8a94376357947bd72aaf6f4d452c25a8ef444e037ef76b9f`
`Hash SHA256`	`8edbb1944d94ff91ee917c31590b6d1d5690a52fc153e44355ee9749aa0f4625`
`Hash SHA256`	`9f066975f1e02b29c7c635280f405c59704ce4f4e06b04e9ac8a7eac22acd3c7`
`Hash SHA256`	`b8c994e3ed7dcc9080916119ddc315533c129479f508676d7544b82b2e24745f`
`Hash SHA256`	`c0c726a23111c220d022fcd01a85f9788249e42baece03f83b6059170453b801`
`Hash SHA256`	`d00f7cf6af68ba832b9d364f28411346cfe66fd3b1f5bcac318766add29ff7f0`
`Hash SHA256`	`dc4840a0992b218cbedd5a7ac5c711cb98f1f9e78a8ffdea37c694061dfd34c6`
`Registry Key`	`HKLM\SOFTWARE\PAIDMEMES\{PUBLIC,PRIVATE}`
`tox`	`7C564920870C0D33535D2012ECDDE389FE25BAF7AF427DD584EE39C04AF8CF024F8BFA93D8DB`
`tox`	`E9CD65687463F67F64937E961DD723DC82C79CB548375AAE8AA4A0698D356C5E7E157B22E8CD`

Victims (67)

Elken Sdn Bhd

Medusalocker

Discovered: 2026-05-05 (8d ago)

MLM / health & beauty products company. ~16k emails extracted.…

Bandeirante Supermercados

Medusalocker

Discovered: 2026-05-05 (8d ago)

Brazilian supermarket chain.…

Strategic Imports

Medusalocker

Discovered: 2026-05-05 (8d ago)

Australian auto parts/batteries importer. Brands: Strategic Imports, Auto Parts Now, Discount Batter…

Magnolia (Israel)

Medusalocker

Discovered: 2026-05-05 (8d ago)

Israeli jewelry company. Silver & accessories, participates in Vicenza jewelry fair (2025/2026). Sel…

Trimble Inc / Gerrard Inc

Medusalocker

Discovered: 2026-05-05 (8d ago) · Attack est.: 2025-11-07

Technology company Trimble (trimble.com) and Gerrard Inc (gerrardinc.com). ~18 Trimble email address…

Atencio Engineering

Medusalocker

Discovered: 2026-05-05 (8d ago)

Civil engineering & land surveying firm. Services: site plans, boundary surveys, OWTS (septic) desig…

SIT Group / Robusta

Medusalocker

Discovered: 2026-05-05 (8d ago)

Italian company SIT Group (sitgroup.it) and Bulgarian Robusta (robusta.bg). Also abv.bg emails.…

Desert Christian Schools (DCS)

Medusalocker

Discovered: 2026-05-05 (8d ago)

K-12 Christian school affiliated with First Baptist Church of Lancaster, CA. ADP payroll, DCFS child…

CourtSmart

Medusalocker

Discovered: 2026-05-05 (8d ago)

Court technology company. Domain courtsmart.com / COURTSMART2. Dev server: dev-rich20.courtsmart.com…

Hathcock (Personal)

Medusalocker

Discovered: 2026-05-05 (8d ago)

Personal comprehensive reports. Individuals: Noel Ray Hathcock, Trinity John Hathcock.…

ActionAid / TACOSA

Medusalocker

Discovered: 2026-05-05 (8d ago)

NGO sector. Domains: actionaid.org, tacosa.org.za, immigration.go.tz.…

Palmers Relocations

Medusalocker

Discovered: 2026-05-05 (8d ago)

Australian international removals & relocation company. FIDI accredited, ISO 9001:2015 certified. Se…

Académie de Montpellier / CSJM

Medusalocker

Discovered: 2026-05-05 (8d ago)

French public school network. Domain CSJM.BEZIERS, part of Académie de Montpellier (ac-montpellier.f…

Colegio María Inmaculada (CMI)

Medusalocker

Discovered: 2026-05-05 (8d ago)

Catholic school in Moravia, Costa Rica. Domain cmi.local / mariainmaculada.ed.cr. Servers: CMI-DC01,…

CEAGESP / Netfeirasp

Medusalocker

Discovered: 2026-05-05 (8d ago)

Brazilian produce wholesale market network. Domain netfeirasp.ceagesp (CEAGESP). Also demarchibrasil…

Raycolighting

Medusalocker

Discovered: 2026-05-05 (8d ago)

Organization with 2 emails extracted. Domain: raycolighting.com…

dulay.ca

Medusalocker

Discovered: 2025-11-18 (5mo ago) · Attack est.: 2025-11-17

Price-$40000 (sale in one hand there are options for making a profit from these files will be includ…

usenergy

Medusalocker

Discovered: 2025-09-14 (8mo ago)

Price-$120000 (sale in one hand there are options for making a profit from these files will be inclu…

UnigazJordan

Medusalocker

Discovered: 2025-05-30 (11mo ago)

www.unigaz.net $690.6 Million The list of files is available at the link https://dropmefiles.com/9HG…

Mulia Raya

Medusalocker

Discovered: 2025-05-29 (11mo ago)

www.muliaraya.co.id $34.8 Million The list of files is available at the link https://dropmefiles.com…

Curtain Bluff

Medusalocker

Discovered: 2025-03-25 (1y ago)

www.curtainbluff.com Curtain Bluff files Vacationer information (personal data), audit information (…

Inversiones Clinica Del Meta SA

Medusalocker

Discovered: 2025-02-28 (1y ago)

www.clinicameta.co Description employee information – patient information – agreements – password da…

MICRO MANUFACTRING

Medusalocker

Discovered: 2025-02-12 (1y ago) · Attack est.: 2025-02-05

Micro Manufacturing Inc. Descriptionemployee information – agreement – customer email(.xls)-.msg out…

bendixengineering

Medusalocker

Discovered: 2025-01-09 (1y ago) · Attack est.: 2024-12-28

Descriptionemployee information – agreement – customer email(.xls)-.msg outlook files Data-2016-2024…

SILKNET COMPANY

Medusalocker

Discovered: 2024-11-26 (1y ago)

URL:https://silknet.com https://geocell.ge/ On sale:Company email base(about 1tb)Customer dataCompan…

Protected: HIDE NAME

Medusalocker

Discovered: 2024-05-09 (2y ago)

There is no excerpt because this is a protected post.…

SHAMASS.ORG

Medusalocker

Discovered: 2024-05-02 (2y ago) · Attack est.: 2024-04-22

Descriptionemployee information – agreement – customer email(.xls)-.msg outlook files Price-$50000 (…

Protected: HIDE NAME SELL DATA SOON

Medusalocker

Discovered: 2024-04-26 (2y ago) · Attack est.: 2024-04-25

There is no excerpt because this is a protected post.…

Protected: Name is hidden

Medusalocker

Discovered: 2023-11-29 (2y ago)

There is no excerpt because this is a protected post.…

skalar.com

Medusalocker

Discovered: 2023-11-29 (2y ago)

There is no excerpt because this is a protected post.…

Ada-Borup-West School

Medusalocker

Discovered: 2023-10-23 (2y ago)

Descriptionemployee information – student information – all contracts Price: 35000$…

wellons.org

Medusalocker

Discovered: 2023-10-23 (2y ago)

Descriptionemployee information – agreement – customer email(.xls)- pst files 15+GB all outlook mess…

Confidential files

Medusalocker

Discovered: 2023-10-02 (2y ago)

A large number of documents of large companies are available for sale Revenue-$10-$70kk Financial do…

INSULCANA CONTRACTING LTD

Medusalocker

Discovered: 2023-08-03 (2y ago) · Attack est.: 2023-07-27

Descriptionemployee information – agreement – customer email(.xls)- passport all canada and other do…

Protected: INSULCANA CONTRACTING LTD

Medusalocker

Discovered: 2023-07-27 (2y ago)

There is no excerpt because this is a protected post.…

Protected: Hidden name

Medusalocker

Discovered: 2023-07-17 (2y ago)

There is no excerpt because this is a protected post.…

Hoosier Equipment company

Medusalocker

Discovered: 2023-07-04 (2y ago)

DescriptionClient Case – agreement – email(.msg)- and other documents Price: 60000$…

Ucamco Belgium

Medusalocker

Discovered: 2023-07-02 (2y ago)

DescriptionClient Case – customers email-Audit information-There is also access to email for newslet…

reutlingen.ihk.de

Medusalocker

Discovered: 2023-06-24 (2y ago) · Attack est.: 2023-06-16

DescriptionClient Case – agreement – email(.msg)- contracts – and other documents PRICE-$80000…

Hausamman company

Medusalocker

Discovered: 2023-06-24 (2y ago) · Attack est.: 2023-06-16

DescriptionClient Case – customers email-documents PRICE-$20000…

kafflogistic.hu

Medusalocker

Discovered: 2023-06-24 (2y ago) · Attack est.: 2023-06-17

DescriptionClient Case – agreement – email(outlook files)- contracts – and other documents PRICE-$50…

SELL DATA(qtox)

Medusalocker

Discovered: 2023-06-24 (2y ago) · Attack est.: 2023-06-17

Available for sale: to buy please contact qtox price negotiable qtox-E9CD65687463F67F64937E961DD723D…

Jalux Americas, Inc.

Medusalocker

Discovered: 2023-06-14 (2y ago) · Attack est.: 2021-11-03

DescriptionClient Case – agreement – email(.msg) – and other documents Price: 160000$The company fai…

arborsct.com

Medusalocker

Discovered: 2023-06-14 (2y ago)

DescriptionClient Case – agreement – email(.msg)- and other documents Price: 60000$ One copy will be…

Salmon Software

Medusalocker

Discovered: 2023-06-03 (2y ago) · Attack est.: 2022-07-11

DescriptionClient Case – agreement – email(.msg)- passport- and other documents Price: 120000$ Three…

LETAPE JEUNES

Medusalocker

Discovered: 2023-06-03 (2y ago) · Attack est.: 2023-06-02

DescriptionClient Case – agreement – email(.msg)- contracts – and other documents(passports) PRICE-$…

bsw-architects.com

Medusalocker

Discovered: 2023-04-11 (3y ago)

DescriptionClient Case – agreement – email(.msg)- contracts – and other documents PRICE-$80000 There…

DGLEGAL

Medusalocker