helldown
1 incidents
0 countries
1 sectors
ransomware Latest: 2026-06-25
Helldown is a ransomware group that emerged in August 2024. The group targets various sectors, including healthcare, IT services, telecommunications, manufacturing, museums, cargo transport, and network equipment manufacturers like Zyxel. Their operational model is characterized by 'living off the land' techniques, leveraging existing legitimate system tools rather than dedicated command-and-control frameworks. Helldown employs a double extortion strategy, exfiltrating sensitive data and threatening its publication if ransom demands are not met. The group has also expanded its focus to include Linux systems and VMware ESXi servers, and its Windows ransomware variant has been noted to share code similarities with LockBit3.0.
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Target countries (SOCRadar)
Austria
Australia
Brazil
Canada
Switzerland
Czech Republic
Germany
Denmark
France
United Kingdom
Sectors attacked
Healthcare (1)
Target sectors (SOCRadar)
Construction of Buildings
Food Manufacturing
Other Information Services
Rail Transportation
Software Publishers
Real Estate
Hospitals
Air Transportation
Manufacturing
Construction
New URLs detected in IntelTracker