Derp.ca

Hades

According to PCrisk, Hades Locker is an updated version of WildFire Locker ransomware that infiltrates systems and encrypts a variety of data types using AES encryption. Hades Locker appends the names of encrypted files with the ".~HL[5_random_characters] (first 5 characters of encryption password)" extension.

Linked Threat Actors

GOLD WINTER

C2 Infrastructure

Hosting/VPS100%

Last 7 days

Apr 4, 2026
C2 Hosts: 27

Further Reading

Evil Corp switches to Hades ransomware to evade sanctions

Hades ransomware has been linked to the Evil Corp cybercrime gang who uses it to evade sanctions imposed by the Treasury Department's Office of Foreign Assets Control (OFAC).

bleepingcomputer.com
Big Game Hunting TTPs Continue to Shift After DarkSide Pipeline Attack

Recently, the Intelligence team observed a notable shift in big game hunting (BGH) activity and techniques that resulted in a downward trend of the eCrime Index.

crowdstrike.com
Advanced IP Scanner: the preferred scanner in the A(P)T toolbox

This blogpost is about the forensic traces left by Advanced IP Scanner and how you can detect it in your network

huntandhackett.com