Ransomware Attack Update for the 22nd of December 2025
Ransomware Attack Update for the 19th of December 2025
⚠️ The Weekly Whiskey - Christmas Edition! 12/22/2025 This is a 1:1 copy from Dread user /u/samwhiskey
🚨 Fraud Shop: RONDA Clearnet: rondastore[.]org Dark Web: r4hyxmieadsyhnqzccmib45qtwa3x74gpnp24ovicuiuc5jzj3jxj2ad[.]onion IP: 5[.]188[.]86[.]67 ASN: 49453 Org: Global Layer B.V. Ports: 80, 443, 2947 Server: nginx/1.18.0 (Ubuntu) Port 2947: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.13 Invalid SSH identification string.
SantaStealer IOCs courtesy of Rapid7: SantaStealer DLLs with exported symbols (SHA-256), SantaStealer EXEs (SHA-256), and SantaStealer C2s: ▪️31[.]57[.]38[.]244:6767 (AS 399486) ▪️80[.]76[.]49[.]114:6767 (AS 399486)
I did a minor CSS refresh on the Ransomware Notes
🚨 New DarkForums Clearnet Domain: darkforums[.]io New DarkForums Telegram Chat: https://t[.me/DarkForums_HN Telegram News Channel: https://t[.me/DarkForumsNews