Pulse: Helldown-Donex-Darktrace-Ransomware.
TLP: WHITE
Author: PetrP.73
Created: 2025-03-18, Modified: 2025-03-18
Indicators: 23 IOCs (medium volume)
Helldown has been identified as a new ransomware strain, and I’ve identified a number of unique detection opportunities for the group.
Indicators of Compromise (23)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 0260ec99d6d28c5c88f3fbce1de70772 MD5 of cb48e4298b216ae532cfd3c89c8f2cbd1e32bb402866d2c81682c6671aa4f8ea 2025-03-18
FileHash-MD5 140aad1f823157222af3da2d23de8789 MD5 of 7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7 2025-03-18
FileHash-MD5 5e7f5bb24a7cdaabcf3d2e77ed31fa4e MD5 of 0bfe25de8c46834e9a7c216f99057d855e272eafafdfef98a6012cecbbdcfabf 2025-03-18
FileHash-MD5 99109eb335db668094278d1953aff94f MD5 of 0ec61a80e61f56f460fc42e5d4f0accec2b04c8db98c28ed4534946214076f2a 2025-03-18
FileHash-MD5 be37cd010227d7b953b07b93d2e5dadc MD5 of 3e3fad9888856ce195c9c239ad014074f687ba288c78ef26660be93ddd97289e 2025-03-18
FileHash-MD5 cfc7b4d9933483c25141ba49b4d5755e MD5 of 6d6134adfdf16c8ed9513aba40845b15bd314e085ef1d6bd20040afd42e36e40 2025-03-18
FileHash-SHA1 191b3b39f3893ea272a45dd42cda297831db58a6 SHA1 of 6d6134adfdf16c8ed9513aba40845b15bd314e085ef1d6bd20040afd42e36e40 2025-03-18
FileHash-SHA1 289f85ca00bd14ccc95fc7d4675470d3211801a9 SHA1 of cb48e4298b216ae532cfd3c89c8f2cbd1e32bb402866d2c81682c6671aa4f8ea 2025-03-18
FileHash-SHA1 51ddad1f418c80205fa4ca1311cd139e24ef55a6 SHA1 of 0bfe25de8c46834e9a7c216f99057d855e272eafafdfef98a6012cecbbdcfabf 2025-03-18
FileHash-SHA1 5de32f3a61dd692340545c3e7085678c2d557064 SHA1 of 7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7 2025-03-18
FileHash-SHA1 6d0a63dd7ce089dd1b25bd3ae544d5fef8515acc SHA1 of 3e3fad9888856ce195c9c239ad014074f687ba288c78ef26660be93ddd97289e 2025-03-18
FileHash-SHA1 b6dd1bc3b9ff8522d97945e2c19d0a2ea9651cf7 SHA1 of 0ec61a80e61f56f460fc42e5d4f0accec2b04c8db98c28ed4534946214076f2a 2025-03-18
FileHash-SHA256 0bfe25de8c46834e9a7c216f99057d855e272eafafdfef98a6012cecbbdcfabf 2025-03-18
FileHash-SHA256 0ec61a80e61f56f460fc42e5d4f0accec2b04c8db98c28ed4534946214076f2a 2025-03-18
FileHash-SHA256 3e3fad9888856ce195c9c239ad014074f687ba288c78ef26660be93ddd97289e 2025-03-18
FileHash-SHA256 6d6134adfdf16c8ed9513aba40845b15bd314e085ef1d6bd20040afd42e36e40 2025-03-18
FileHash-SHA256 7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7 2025-03-18
FileHash-SHA256 a02ef4063430d0607e0e7b23ea7c5bf19fad9a09a12565c6745b350b00362be6 2025-03-18
FileHash-SHA256 cb48e4298b216ae532cfd3c89c8f2cbd1e32bb402866d2c81682c6671aa4f8ea 2025-03-18
URL http://onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion 2025-03-18
domain dissect.ing 2025-03-18
domain onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion 2025-03-18
hostname blog.sekoia.io 2025-03-18
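The rows above are only useful once they are loaded into something that can be matched against files and hostnames. The following script is an added example, not part of the OTX pulse: it parses an inline copy of the 23 rows, checks that every "MD5 of"/"SHA1 of" description points at a SHA256 row that is actually in the pulse, hashes a file with all three algorithms in one pass, and matches hostnames against the domain, hostname and URL-host entries (including subdomains). Function names and the single-pass hashing approach are this example's own choices.

```python
"""Load the pulse's indicator rows into lookup sets and check files and
hostnames against them. Added example; not part of the OTX pulse."""
import hashlib
import re
from collections import defaultdict

# Constructed inline copy of the 23 indicator rows above (type, indicator,
# optional description). The CREATED column is dropped: it carries no
# matching value.
PULSE_ROWS = """
FileHash-MD5 0260ec99d6d28c5c88f3fbce1de70772 MD5 of cb48e4298b216ae532cfd3c89c8f2cbd1e32bb402866d2c81682c6671aa4f8ea
FileHash-MD5 140aad1f823157222af3da2d23de8789 MD5 of 7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7
FileHash-MD5 5e7f5bb24a7cdaabcf3d2e77ed31fa4e MD5 of 0bfe25de8c46834e9a7c216f99057d855e272eafafdfef98a6012cecbbdcfabf
FileHash-MD5 99109eb335db668094278d1953aff94f MD5 of 0ec61a80e61f56f460fc42e5d4f0accec2b04c8db98c28ed4534946214076f2a
FileHash-MD5 be37cd010227d7b953b07b93d2e5dadc MD5 of 3e3fad9888856ce195c9c239ad014074f687ba288c78ef26660be93ddd97289e
FileHash-MD5 cfc7b4d9933483c25141ba49b4d5755e MD5 of 6d6134adfdf16c8ed9513aba40845b15bd314e085ef1d6bd20040afd42e36e40
FileHash-SHA1 191b3b39f3893ea272a45dd42cda297831db58a6 SHA1 of 6d6134adfdf16c8ed9513aba40845b15bd314e085ef1d6bd20040afd42e36e40
FileHash-SHA1 289f85ca00bd14ccc95fc7d4675470d3211801a9 SHA1 of cb48e4298b216ae532cfd3c89c8f2cbd1e32bb402866d2c81682c6671aa4f8ea
FileHash-SHA1 51ddad1f418c80205fa4ca1311cd139e24ef55a6 SHA1 of 0bfe25de8c46834e9a7c216f99057d855e272eafafdfef98a6012cecbbdcfabf
FileHash-SHA1 5de32f3a61dd692340545c3e7085678c2d557064 SHA1 of 7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7
FileHash-SHA1 6d0a63dd7ce089dd1b25bd3ae544d5fef8515acc SHA1 of 3e3fad9888856ce195c9c239ad014074f687ba288c78ef26660be93ddd97289e
FileHash-SHA1 b6dd1bc3b9ff8522d97945e2c19d0a2ea9651cf7 SHA1 of 0ec61a80e61f56f460fc42e5d4f0accec2b04c8db98c28ed4534946214076f2a
FileHash-SHA256 0bfe25de8c46834e9a7c216f99057d855e272eafafdfef98a6012cecbbdcfabf
FileHash-SHA256 0ec61a80e61f56f460fc42e5d4f0accec2b04c8db98c28ed4534946214076f2a
FileHash-SHA256 3e3fad9888856ce195c9c239ad014074f687ba288c78ef26660be93ddd97289e
FileHash-SHA256 6d6134adfdf16c8ed9513aba40845b15bd314e085ef1d6bd20040afd42e36e40
FileHash-SHA256 7cd7c04c62d2a8b4697ceebbe7dd95c910d687e4a6989c1d839117e55c1cafd7
FileHash-SHA256 a02ef4063430d0607e0e7b23ea7c5bf19fad9a09a12565c6745b350b00362be6
FileHash-SHA256 cb48e4298b216ae532cfd3c89c8f2cbd1e32bb402866d2c81682c6671aa4f8ea
URL http://onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion
domain dissect.ing
domain onyxcym4mjilrsptk5uo2dhesbwntuban55mvww2olk5ygqafhu3i3yd.onion
hostname blog.sekoia.io
"""

HASH_TYPES = {"FileHash-MD5": "md5", "FileHash-SHA1": "sha1", "FileHash-SHA256": "sha256"}
PARENT_RE = re.compile(r"(?:MD5|SHA1) of ([0-9a-f]{64})")


def parse_pulse(text):
    """Group indicators by OTX type (hashes lower-cased) and record, for each
    MD5/SHA1 row, the SHA256 its description says it belongs to."""
    by_type, parent = defaultdict(set), {}
    for line in text.strip().splitlines():
        parts = line.split(maxsplit=2)
        ioc_type, value = parts[0], parts[1]
        desc = parts[2] if len(parts) == 3 else ""
        if ioc_type in HASH_TYPES:
            value = value.lower()
            m = PARENT_RE.fullmatch(desc)
            if m:
                parent[value] = m.group(1)
        by_type[ioc_type].add(value)
    return by_type, parent


def dangling_parents(by_type, parent):
    """MD5/SHA1 rows whose 'X of <sha256>' names no SHA256 row in the pulse."""
    return sorted(h for h, p in parent.items() if p not in by_type["FileHash-SHA256"])


def digest_all(chunks):
    """Hash one byte stream with all three algorithms in a single pass."""
    hashers = {alg: hashlib.new(alg) for alg in HASH_TYPES.values()}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def hash_bytes(data):
    return digest_all([data])


def hash_file(path):
    with open(path, "rb") as f:
        return digest_all(iter(lambda: f.read(1 << 20), b""))


def match_digests(digests, by_type):
    """(ioc_type, digest) pairs for which the file's digest is an indicator."""
    return [(t, digests[alg]) for t, alg in HASH_TYPES.items() if digests[alg] in by_type[t]]


def match_host(host, by_type):
    """True if host equals, or is a subdomain of, a domain/hostname/URL-host row."""
    host = host.lower().rstrip(".")
    names = set(by_type["domain"]) | set(by_type["hostname"])
    for url in by_type["URL"]:
        m = re.match(r"[a-z][a-z0-9+.-]*://([^/:?#]+)", url.lower())
        if m:
            names.add(m.group(1))
    return host in names or any(host.endswith("." + n) for n in names)


if __name__ == "__main__":
    import sys
    by_type, parent = parse_pulse(PULSE_ROWS)
    print("dangling parent references:", dangling_parents(by_type, parent))
    for path in sys.argv[1:]:
        print(path, match_digests(hash_file(path), by_type))
```

Run it with file paths as arguments to hash and match them. Note that match_host treats every domain and hostname row as an indicator; OTX pulses frequently carry the hosts of the publications they were built from, so confirm whether dissect.ing and blog.sekoia.io are reporting sources rather than attacker infrastructure before alerting on or blocking them. Also, one SHA256 (a02ef406…) has no MD5/SHA1 companion in the pulse, so tooling that only indexes MD5 or SHA1 will miss it.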