PULSE NAME
Helldown-Donex-Darktrace-Ransomware.
WHITE PetrP.73 2025-03-18 Modified: 2025-03-18
23 IOCs
MEDIUM VOLUME
The Helldown Ransomware group has been identified as a new strain of the malware and I’ve identified a number of unique detection opportunities for the group.
Indicators of Compromise (6 / 23 total)