Derp.ca

HiddenTear

Also known as: Cryptear, FuckUnicorn

HiddenTear is an open source ransomware developed by a Turkish programmer and later released as proof of concept on GitHub. The malware generates a local symmetric key in order to encrypt a configurable folder (/test was the default one) and it sends it to a centralized C&C server. Due to its small payload it was used as real attack vector over email phishing campaigns. Variants are still used in attacks.

C2 Infrastructure

Hosting/VPS 78%
Business 11%
Unknown 11%

Last 7 days

Jun 7, 2026
C2 Hosts: 1
Jun 5, 2026
C2 Hosts: 1
Jun 4, 2026
C2 Hosts: 1
Jun 3, 2026
C2 Hosts: 6

Further Reading

dissectingmalwa.re opens in a new tab
dissectingmalwa.re
github.com opens in a new tab
github.com
twitter.com opens in a new tab
twitter.com
twitter.com opens in a new tab
twitter.com
utkusen.com opens in a new tab
utkusen.com
bleepingcomputer.com opens in a new tab
bleepingcomputer.com
bleepingcomputer.com opens in a new tab
bleepingcomputer.com
crowdstrike.com opens in a new tab
crowdstrike.com
linkedin.com opens in a new tab
linkedin.com
slideshare.net opens in a new tab
slideshare.net
tripwire.com opens in a new tab
tripwire.com