Ranson Note: KILLADA

Sponsored by Hudson Rock – Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

============================================================

  [!] This machine has been protected by Killada Encrypter.
  [!] Your files have been encrypted with ChaCha20-GHASH.

  Hostname: [snip]

============================================================

  KILLADA ID:
  [snip]

============================================================

  Contact Killada Operators to obtain a decryption key.

  Onion addresses (Tor Browser):
  1. killadaayyuzdshwskrnsvh5owzuwa4yj7gs2vbhkcjpfslrplfgwwqd.onion
  2. killadaxczzw3wnuaxkygib67lk2qkgnki4gyjqoo76vh53egitoyaqd.onion
  3. killadax36r6bbb3md67ekcfv5yasdlnoaklyag66ot4tefa32ywgnyd.onion
  4. killadahaynpqrkppe2m2tgindbruaeiefzr7pm3cp47tzohhhnogwad.onion
  5. killada7qgdpvzpezjxaa64b47bz47hzbn6oql5aa4lppzzwymnukqqd.onion
  6. killada5556ahpb4cwmatv5qpzku2qmdlwawshtykpq37cvfva7zjhid.onion

                                               KILLADA SEC
============================================================

Indicators of Compromise

Type	IOC
`onion url`	http://killada5556ahpb4cwmatv5qpzku2qmdlwawshtykpq37cvfva7zjhid.onion
`onion url`	http://killada7qgdpvzpezjxaa64b47bz47hzbn6oql5aa4lppzzwymnukqqd.onion
`onion url`	http://killadaayyuzdshwskrnsvh5owzuwa4yj7gs2vbhkcjpfslrplfgwwqd.onion
`onion url`	http://killadahaynpqrkppe2m2tgindbruaeiefzr7pm3cp47tzohhhnogwad.onion
`onion url`	http://killadax36r6bbb3md67ekcfv5yasdlnoaklyag66ot4tefa32ywgnyd.onion
`onion url`	http://killadaxczzw3wnuaxkygib67lk2qkgnki4gyjqoo76vh53egitoyaqd.onion

Ransom Note: KILLADA_README.txt

Indicators of Compromise

Ransom Note: `KILLADA_README.txt`