Ransomware Intelligence

kairos

Ransomware group profile

65Victims
RussiaSource country
88Impact score
Also Known As
Kairos Extortion Group

Description

Kairos is a financially motivated cyber extortion group that emerged in November 2024, primarily focusing on data theft and extortion rather than traditional ransomware tactics. Their strategy leverages the threat of data exposure to pressure victims into compliance while employing psychological manipulation tactics to maximize ransom payments.

Key insights

  • Kairos employs initial access brokers and exploits vulnerable remote services to gain access to victim networks.
  • The group exfiltrates sensitive data and threatens public disclosure to extract ransom payments from victims.
  • RClone, a legitimate file transfer utility, is a key tool utilized for data staging and exfiltration.
  • Kairos meticulously clears Windows Event Logs to evade detection during their operations.
  • They tailor ransom demands based on the financial capacity of the target and offer discounts for immediate payment.

Industries

EducationEnergy & UtilitiesFinancial ServicesGovernment & DefenseHealthcareHospitalityManufacturingOtherProfessional ServicesRetail & E-CommerceTechnologyTransportation

Threat Level & Status Breakdown

For kairos · Based on incidents in selected period

3threat level
Aggressiveness5/ 10
Lethality0/ 10
Criticality4.1/ 10

Status Breakdown

Claimed67.7%44
First seenJun 2025
Last seenMay 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJun 22, 2026

Recent activity

Monthly attack count for kairos in the selected period

65Total attacks
9peak in Sep
5.9avg / month
↓ 1 vs first month
JunJulAugSepOctNovDecFebMarAprMay036912

Intelligence

IOCs, YARA/Sigma rules, and related families for kairos

  1. https://www.realtaxcanada.com/en/home-en/
  2. http://portail.prelco.ca/
  3. http://www.rrib.com
  4. https://www.saglobal.com/en-us/error-404-page.html
  5. http://45.88.9.60/fuckjewishpeople.arm6
  6. http://176.65.139.17/main_arm6
  7. https://hitechpiping.ca/products-by-brand/superklean/
  8. http://www.compactmould.com/
  9. https://www.norpak.com/comparing-slider-beds-and-roller-beds-for-conveyor-belts/blog.html
  10. http://www.sun-rich.com/products/retail/portion-packs
  11. http://42.227.201.5:34238/i
  12. https://m9r3p.mint4pack.coupons/hwgbd
  13. https://www.ayakitchens.com/company/locations/barrie.html
  14. http://5.59.248.236/bins/kworkerd0
  15. http://157.245.203.34/ambatukam/rizzx.arm6
  16. https://www.canstarrestorations.com/covid
  17. http://telecom.charlesjones.ca/e/
  18. http://www.metal7.com/en/contact
  19. https://www.phantomsecurity.ca/
  20. http://119.185.191.219:46577/i
  21. https://www.canstarrestorations.com/non
  22. http://61.52.112.163:45225/i
  23. http://www.keelewarehousing.com/appt_request.php
  24. https://kiwinode.kiwi5pack.coupons/batch_id
  25. http://212.85.24.46:84/iran.armv7l
  26. http://222.142.245.211:48528/bin.sh
  27. http://brebeuf.org/api/events/in_range/?from=2018-08-21&to=2018-08-21
  28. https://www.evergreensd50.com/
  29. http://42.226.75.86:52139/i
  30. http://113.218.212.74:81/info.zip
  31. http://proxyzabc.zabc.net/bins/ethd0
  32. https://outpost.military423pudd.coupons/5d0t6
  33. http://www.comark.ca/
  34. http://www.triple8.ca/?page_id=446
  35. http://www.kingswoodpark.ca/samsneads/specials
  36. http://www.hitechpiping.ca/
  37. http://117.241.55.221:44839/i
  38. http://www.sea-delight.ca/
  39. https://kivibros.com/join-our-team/
  40. http://113.237.54.202:45505/bin.sh
  41. https://www.compactmould.com/contact-us/
  42. http://tims.com/faq/
  43. http://www.supersave.ca
  44. http://cpcontacts.sierraconstruction.ca
  45. https://boxstream.pack1kiwi.coupons/sort_data
  46. http://thecsi.com/index.html
  47. https://charlesjones.ca/products/
  48. http://110.36.80.163:51174/i
  49. https://www.northernontariowires.com
  50. http://119.179.249.211:51247/bin.sh
  51. http://115.52.34.18:43480/i
  52. https://a5v9n.box3pear.coupons/tn27w4lmo
  53. http://www.hitechpiping.ca/hws/_catalogs/goodyear-chemresischart.pdf
  54. http://5.59.248.236/bins/kintegrity0
  55. http://cccm.bc.ca/email_sig/email-click.html
  56. http://117.209.87.210:60087/bin.sh
  57. http://www.mcwilliamsmoving.com/lindsay/
  58. http://157.230.43.57/ambatukam/rizzx.x86_64
  59. http://123.9.244.125:57505/i
  60. http://conwest.com/about/
  61. http://123.13.30.127:40551/i
  62. http://117.248.26.62:38730/i
  63. https://www.renmarkfinancial.com/companies/pan-american-silver-corp
  64. http://115.50.187.108:44497/i
  65. http://83.60.162.163/info.zip
  66. http://42.225.229.29:41414/i
  67. http://157.230.43.57/ambatukam/rizzx.ppc
  68. http://91.92.243.29/klob
  69. http://182.120.15.87:35648/bin.sh
  70. http://112.248.109.127:42347/i
  71. http://27.37.27.235:53783/i
  72. http://media.norseman.ca/
  73. https://sunrise-soya.com/contact
  74. http://182.116.83.228:52613/bin.sh
  75. http://115.51.90.36:57316/i
  76. http://phantomsecurity.ca/contact-us
  77. https://maxvaluecredits.com/vehicle-loan/
  78. https://www.centaurproducts.com/
  79. http://dwgra.com/office-properties/
  80. http://42.226.75.86:52139/bin.sh
  81. http://103.251.236.118/b
  82. http://cpcalendars.sierraconstruction.ca
  83. http://222.142.245.211:48528/i
  84. http://www.baisyaakov.ca/
  85. http://115.50.90.190:50179/i
  86. http://42.58.45.22:41356/bin.sh
  87. http://27.102.137.81/main_arm
  88. http://115.55.4.44:42657/i
  89. http://dwgra.com/property/crea/11106-fourth-line-halton-hills-ontario/25178590
  90. http://27.102.137.81/main_ppc
  91. http://121.73.162.104:8082/sshd
  92. https://sunrise-soya.com/recipe/west
  93. http://27.200.13.91:38927/bin.sh
  94. http://st.ravand.com/speedtest/upload.php
  95. http://45.88.9.60/fuckjewishpeople.arm7
  96. http://103.116.52.126/arc
  97. https://www.cdev.gc.ca/
  98. http://www.camdon.ca/project_gallery/cardium-well-servicing-drayton-valley
  99. http://82.26.74.181/iran.armv7l
  100. http://182.127.126.174:56633/i
  101. http://182.126.208.145:45313/bin.sh
  102. http://110.37.0.37:44876/bin.sh
  103. http://icerivergreenbottleco.com/wp-includes/css/dist/block-library
  104. http://182.122.172.65:33619/bin.sh
  105. https://dwgra.com/property/crea/14177-trafalgar-road-halton-hills-ontario/26763662/
  106. http://84.15.155.121:13201/i
  107. http://157.245.203.34/ambatukam/rizzx.ppc
  108. http://27.207.229.127:38342/i
  109. http://www.confortchem.com/
  110. https://cpcalendars.sierraconstruction.ca
  111. http://124.135.134.101:57725/bin.sh
  112. http://110.36.65.9:49550/i
  113. http://27.222.77.251:32872/i
  114. http://180.116.248.47:36359/bin.sh
  115. https://www.northernontariowires.com/2025costofserviceapplication
  116. https://crate.mint4pack.coupons/onpgh
  117. http://www.prelco.ca/architectural/navgeneral/carriere/
  118. https://technikel.ca/phishing
  119. http://www.strategicobjectives.com
  120. http://222.141.74.230:56422/i
  121. https://hitechpiping.ca/privacy
  122. https://sunrise-soya.com/recipe/beer
  123. https://www.pandarose.ca/
  124. http://148.113.3.160/1.sh
  125. https://www.renmarkfinancial.com/services
  126. https://www.eastplats.com/sustainability/environment/
  127. http://icerivergreenbottleco.com/wp-content/plugins/child-theme-generator/public/js
  128. http://www.dwllp.ca/
  129. http://116.140.128.14:54682/i
  130. http://www.hamptonsecurities.com/
  131. https://can.mattandsteve.com/
  132. http://www.alliancemercantile.com/
  133. http://31.28.107.131:47342/.i
  134. http://assetlabs.com:1/
  135. http://controlgmc.com/fds1500/
  136. http://proxyzabc.zabc.net/bins/kintegrity0
  137. http://182.127.113.65:50013/i
  138. http://42.224.125.84:51352/i
  139. https://www.lasalleinc.com/leadership-team.php
  140. http://222.140.157.130:59377/bin.sh
  141. http://116.75.205.46:55993/i
  142. https://lookheat.nightvision.coupons/sight_ref
  143. http://123.11.13.12:50879/i
  144. http://182.119.6.41:36745/i
  145. http://ravku.com/ambatukam/rizzx.mpsl
  146. https://workdeck.murta46unprin.coupons/task_file
  147. http://www.iibg.ca/
  148. https://www.smtlawyers.ca/our-team
  149. http://mtl.deschampsimp.com/
  150. http://ravku.com/ambatukam/rizzx.x86_64
  151. http://lstlaw.ca/
  152. http://157.230.43.57/ambatukam/rizzx.arm6
  153. http://www.duttonbrock.com/team/melissa-mile
  154. http://157.85.69.255:56777/.i
  155. https://haes.ca/high-arctic-announces-2023-fourth-quarter-and-year-end-financial-and-operating-results-and-provides-update-on-plan-to-reorganize/
  156. http://119.179.237.134:36780/i
  157. http://www.dezinecorp.com/ceramics
  158. https://uwock.ca/united-ways-funding-into-the-community/
  159. http://123.4.44.15:48823/bin.sh
  160. https://www.sabre.ca
  161. http://27.102.137.81/main_arm5
  162. http://confortchem.com/~pussy1/verification/leech/update/chase/index.htm
  163. http://maxvaluecredits.com/scripts/public/****
  164. https://dezinecorp.com/stanley-classic-trigger-action-mug
  165. http://www.phoenixlabs.com/
  166. http://82.26.74.181/iran.armv4l
  167. http://115.63.17.254:36468/i
  168. http://42.5.229.233:50685/bin.sh
  169. http://218.91.138.209:36980/i
  170. http://103.251.236.118/multi/bins/mips
  171. https://supersave.ca/roll-off-bin-rentals/
  172. http://rogitex.com/~pussy1/verification/leech/update/chase
  173. https://globalpath.ship9fig.coupons/route_map
  174. http://confortchem.com/~pussy1/verification/leech/update/chase/
  175. https://www.sabre.ca/
  176. http://123.8.15.241:47665/i
  177. http://175.167.95.195:33887/bin.sh
  178. http://96.44.159.143/201/88sf78f78f38287s7f7d887fg8d8g87g87d8fg8dfg78dfdg7878.hta
  179. http://144.172.108.230/bins/mynode.armv5l
  180. https://triella.com/threatlocker
  181. http://94.236.180.235:53923/i
  182. https://www.baisyaakov.ca/
  183. https://www.canstarrestorations.com/appliance
  184. http://clarkfreightways.com/web/store/default.aspx
  185. http://124.92.76.184:36571/bin.sh
  186. https://www.eastplats.com/comments/feed/
  187. http://182.119.248.106:36245/bin.sh
  188. https://www.auroraimporting.com/
  189. https://regulvar.com/360
  190. http://brebeuf.org/api/events/in_range/?from=2019-08-22&to=2019-08-22
  191. http://144.172.108.230/penis.sh
  192. http://119.179.238.241:42309/bin.sh
  193. http://110.37.87.13:55865/bin.sh
  194. http://144.172.108.230/bins/mynode.x86_64
  195. https://www.tims.com
  196. https://minel-lights.rs/arquivo_20260217222806.txt
  197. http://110.37.118.66:44479/bin.sh
  198. https://linkcheck.comparis4sosun.coupons/ref_data
  199. https://www.ripobec.com/en/
  200. http://152.89.170.85/bins/kwari.arm
  201. http://www.bisonfamilymedical.com/location/
  202. http://182.123.142.179:54382/bin.sh
  203. https://engines.simson-maxwell.com/
  204. http://182.121.12.88:42171/bin.sh
  205. https://www.ayakitchens.com/
  206. http://www.suratisweetmart.com/
  207. http://de-25x800.com/multi/bins/arm5
  208. http://182.116.83.228:52613/i
  209. https://hitechpiping.ca/about/
  210. http://mail.tims.com/
  211. http://www.redknee.com
  212. http://billetprecision.ca/services/
  213. https://www.etornetworks.com/
  214. http://27.222.77.251:32872/bin.sh
  215. http://www.metal7.com/en/category/rolls-family
  216. http://proxyzabc.zabc.net/bins/deferwqd
  217. http://brebeuf.org/api/events/directory_search/
  218. http://110.36.30.247:60113/i
  219. https://www.whiskijackresorts.com/
  220. https://www.hamptonsecurities.com/
  221. http://1.173.157.244:57204/.i
  222. https://www.vpn.norseman.ca/
  223. http://115.55.228.29:49156/i
  224. http://182.127.115.94:55159/bin.sh
  225. http://ravku.com/ambatukam/rizzx.arm5
  226. https://www.camdon.ca/contact-us/
  227. http://www.sierraconstruction.ca
  228. https://dundasjafine.com/products/
  229. http://45.88.9.60/fuckjewishpeople.sh
  230. https://linkedge.cloudtrace.coupons/edge_node
  231. http://www.rogerspetro.com/
  232. https://www.eastplats.com/./investors/presentations/
  233. http://27.102.137.81/main_mpsl
  234. http://117.211.33.232:40160/bin.sh
  235. https://brebeuf.org/alumni/braves-eternal/
  236. https://sunrise-soya.com/products/sunrise/tofu/
  237. http://confortchem.com/~pussy1/verification
  238. https://www.northernontariowires.com/green
  239. https://starmarketingcanada.com/g-h-cretors/
  240. http://83.209.248.14:45592/i
  241. http://brebeuf.org/api/events/in_range/?from=2015-12-31&to=2015-12-31
  242. http://119.179.237.134:36780/bin.sh
  243. http://dwllp.ca/
  244. https://charlesjones.ca/about/
  245. http://www.carranza.on.ca/resources/accident-benefit-form
  246. http://175.167.4.51:58849/i
  247. http://103.251.236.118/multi/bins/arm7
  248. http://148.113.3.160/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k
  249. http://42.224.2.230:35518/bin.sh
  250. http://177.124.61.98:50357/.i
  251. http://182.116.54.26:48180/bin.sh
  252. http://temps.regulvar.com:8080/gestinfo
  253. http://5.59.248.236/bins/mdsync1
  254. http://ridgid.charlesjones.ca/35318.htm
  255. http://www.centaurproducts.com
  256. https://www.cannara.ca/
  257. http://www.etornetworks.com/
  258. https://www.concordegroup.ca/newsletter-122025
  259. http://proxyzabc.zabc.net/bins/kvmirqd
  260. http://130.12.180.69/armv6l
  261. http://157.230.43.57/ambatukam/rizzx.arm5
  262. https://hitechpiping.ca/services/
  263. https://www.camdon.ca/projects/
  264. https://www.silverlinegroupinc.com
  265. http://www.excavationtourigny.ca/
  266. http://212.85.24.46:84/iran.armv5l
  267. http://115.59.231.172:33058/bin.sh
  268. http://130.12.180.69/armv5l
  269. http://audit.assetlabs.com/streamline?capterra_visitor=capterr
  270. http://144.172.108.230/bins/mynode.armv4l
  271. http://www.wheelsauto.com/>
  272. https://sh1p-rnix.ship5plum.coupons/fmuthxwya
  273. http://117.209.88.157:54293/i
  274. http://110.37.104.99:53495/i
  275. http://58.209.182.219:44109/bin.sh
  276. http://182.119.248.106:36245/i
  277. http://148.113.3.160/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5
  278. http://www.whiskijackresorts.com/property-item/tyndall-stone-lodge
  279. http://www.rogitex.com/~pussy1/verification/leech/update/chase/index.htm
  280. http://duttonbrock.com/uspslabel.zip
  281. http://87.121.84.92/main_arm5
  282. http://42.233.140.226:35897/i
  283. http://www.kingswoodpark.ca/gymnastics/competitive
  284. https://eastplats.com/careers/
  285. https://eastplats.com/what
  286. https://kingswoodpark.ca/golf/proshop/
  287. http://187.156.206.218/info.zip
  288. http://42.226.76.152:39588/i
  289. https://dwllp.ca/mandeep-dhillon/
  290. http://www.kingswoodpark.ca/gymnastics
  291. http://www.norpak.com/norpak-partners.html
  292. http://rogitex.com/~pussy1/verification
  293. https://concordegroup.ca/e
  294. http://82.26.74.181/iran.i486
  295. https://www.idealwelders.com/
  296. http://boulangerieauger.com/la-difference-auger/
  297. http://27.194.34.175:38507/i
  298. https://p3ar-llnk.pear6box.coupons/0v51l
  299. https://www.simson-maxwell.com/
  300. https://www.northernontariowires.com/copy-of-green-button-for-customers
  301. https://www.saglobal.com/cookie
  302. http://www.utilismartcorp.com/news-events/
  303. http://kiwi.sun-rich.com
  304. http://www.camdon.ca/
  305. https://www.northernontariowires.com/conditions
  306. http://110.246.225.30:41988/bin.sh
  307. http://www.mattandsteve.com/ca/
  308. http://www.utilismartcorp.com/?page_id=47
  309. http://intranet.regulvar.com/
  310. http://152.89.170.85/bins/kwari.arm7
  311. https://cccm.bc.ca/email_s=
  312. http://110.36.80.170:32963/i
  313. https://hitechpiping.ca/client
  314. http://91.92.243.47/v3441.exe
  315. https://r2k6d.military423pudd.coupons/mj0oj9ac0
  316. http://110.37.5.60:42891/bin.sh
  317. http://157.230.43.57/ambatukam/rizzx.mpsl
  318. https://www.regulvar.com/fr/bulletin-zone-decembre-2024/
  319. http://www.transportlaberge.com/en/
  320. https://www.dulay.ca/
  321. https://haes.ca/careers/
  322. http://103.251.236.118/multi/bins/mipsel
  323. http://proxyzabc.zabc.net/bins/kworkerd0
  324. https://smartraise.probos7raise.coupons/point_ref
  325. http://157.245.203.34/ambatukam/rizzx.arm7
  326. https://www.redphoenixconstruction.com/feed/rss2
  327. http://42.237.8.242:33125/i
  328. https://magicbook.overdue13wizard.coupons/spell_id
  329. https://www.canstarrestorations.com/strata
  330. https://www.impactcanada.com/
  331. http://www.v4ulogistic.com/
  332. http://icerivergreenbottleco.com/wp-content/plugins/dwd-map-extended/public/css
  333. http://www.ripobec.com/fr/service-de-transport
  334. http://125.43.26.104:39106/i
  335. https://cloud.conwest.com/
  336. http://27.37.27.235:53783/bin.sh
  337. https://wildtimber.timberwalk.coupons/zone_info
  338. https://hitechpiping.ca/contact/
  339. https://tacomaengineers.com/profile-partners-jack.html
  340. https://www.lstlaw.ca/
  341. http://www.precisionaluminum.ca/
  342. http://82.26.74.181/iran.sh4
  343. https://www.northernontariowires.com/ontarioelectricityrebate
  344. http://117.90.231.139:49394/i
  345. http://speedtest.ravand.com/speedtest/upload.php
  346. http://www.kingswoodpark.ca/
  347. http://42.229.170.238:37915/i
  348. http://www.rogitex.com/en/~pussy1/verification/leech/update/chase/index.htm
  349. http://222.141.127.44:43494/bin.sh
  350. http://82.26.74.181/iran.sparc
  351. https://acawtrustfunds.ca/health-and-wellness-claim-form
  352. http://boulangerieauger.com/nouvelles-auger/
  353. https://sunrise-soya.com/recipe/steamed
  354. http://46.163.134.250:39756/i
  355. https://dasmeshschool.com/online/
  356. https://dwgra.com/property/crea/unit-5b-57-cannifton-road-belleville-ontario/24887136
  357. https://sunrise-soya.com/recipe/kimchi
  358. http://www.auroraimporting.com/
  359. https://sunrise-soya.com/products/sunrise/
  360. http://de-25x800.com/b
  361. https://www.whiskijackresorts.com/whiski-jack-app/
  362. http://kelson.on.ca/contact
  363. http://www.triella.com/teranet-web/
  364. http://www.hitechpiping.ca/hws/_catalogs/craneresistoflex-resistopure.pdf
  365. https://growthstep.probos7raise.coupons/level_up
  366. http://152.89.170.85/bins/kwari.i686
  367. https://minel-lights.rs/arquivo_20260217223017.txt
  368. http://www.schauenburg.com/
  369. https://www.mcwilliamsmoving.com/
  370. http://www.obrienavocats.qc.ca/av_dinan.html
  371. http://www.hamptonsecurities.com/private-clients/
  372. https://www.groupepiche.ca/systeme-interieur
  373. http://www.sun-rich.com/
  374. http://www.kivibros.com/
  375. https://www.centaurproducts.com/product/ultima-3000/
  376. https://layerstone.stonecraft.coupons/layer_data
  377. http://110.37.1.162:53031/i
  378. https://www.eastplats.com/investors/2025/eastern
  379. http://110.37.87.13:55865/i
  380. https://www.norseman.ca/
  381. http://tapp.tims.com
  382. http://222.142.253.71:40399/i
  383. http://189.135.101.5/info.zip
  384. http://www.rogitex.com/en/~pussy1/verification
  385. https://xenapp.schauenburg.com
  386. https://sunrise-soya.com/360
  387. http://123.11.13.12:50879/bin.sh
  388. http://148.113.3.160/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6
  389. https://www.eastplats.com/./investors/media
  390. http://82.26.74.181/iran.armv6l
  391. https://hitechpiping.ca/fr/
  392. https://www.renmarkfinancial.com/companies/neo-performance-materials-inc
  393. http://www.clarkfreightways.com/web/store/default.aspx
  394. https://www.cdev.gc.ca/fr/cuge/
  395. http://www.sun-rich.com/locations/
  396. http://182.124.171.8:34960/i
  397. https://essexpowerlines.ca/accounts-services/billing/
  398. http://61.3.28.239:56953/bin.sh
  399. http://82.26.74.181/iran.mipsel
  400. http://123.14.252.27:33775/bin.sh
  401. https://www.tims.com/fees-training
  402. http://www.supersave.ca/
  403. http://212.85.24.46:84/iran.arc
  404. http://157.245.203.34/ambatukam/rizzx.mips
  405. https://watersalt.oceansync.coupons/water_stat
  406. https://www.redphoenixconstruction.com/feed/atom
  407. http://176.65.149.35/x86
  408. http://ww38.coglans.com/
  409. http://www.constructiondprovost.com/upload/contenu-fichiers/kingskrupellos.txt
  410. http://14.168.37.165:13069/.i
  411. http://support.bridgecast.ca/
  412. https://portal.nowinc.ca
  413. https://strategicobjectives.com/2025/02/22/canadas-leading-financial-institutions-collaborate-with-victim-services-toronto-to-support-human-trafficking-survivors/
  414. http://titantrailers.com/thinwall/
  415. http://www.csem.qc.ca/notre-reseau.html
  416. http://billetprecision.ca/?galleries=showcas
  417. http://5.59.248.236/bins/kswapd1
  418. https://www.navitaspet.com/
  419. http://www.tacomaengineers.com/
  420. http://www.rogitex.com/en/rubbers/68-emulsion-styrene-butadiene-rubber
  421. https://portentry.fig2ship.coupons/dock_data
  422. https://www.cote-expert-equipements.com/pdf/cote-catalogue-produits-2021-web-fr.pdf
  423. http://www.sierraconstruction.ca/
  424. http://www.triple8.ca/?page_id=444
  425. http://182.127.111.215:33500/bin.sh
  426. https://deepcoast.bluewave.coupons/tide_data
  427. http://148.113.3.160/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686
  428. http://mailto:[email protected]/
  429. https://hitechpiping.ca/comments/feed/
  430. https://regulvar.com/wp-content/uploads/2022/11/360
  431. http://222.134.173.145:35312/bin.sh
  432. https://sensiblesolutions.ca/about/
  433. https://www.northernontariowires.com/customerchoiceapplicationform
  434. https://guscmg.guscanada.ca/
  435. http://60.19.33.106:60411/i
  436. http://115.51.90.36:57316/bin.sh
  437. http://170.254.10.212:44467/bin.sh
  438. http://219.155.28.148:37281/bin.sh
  439. http://www.rogitex.com/en/~pussy1/verification/leech/update/chase
  440. http://182.126.208.145:45313/i
  441. https://www.dwgra.com
  442. http://www.alliancemercantile.com
  443. http://www.triple8.ca/?page_id=395
  444. http://www.tacomaengineers.com/profile-partners-jack.html
  445. https://www.renmarkfinancial.com/vndrs
  446. http://64.176.37.51:8089/shellcode.bin
  447. https://www.ahmadiyya.ca/member/calendar/jalsa-salana-qadian
  448. http://www.kelson.on.ca/
  449. http://www.essexpowerlines.ca/downloads/cdm_docs/hap/hap-procurement/hap-eligible-participant-experience.pd
  450. http://omegatoolcorp.com/capabilities/engineering/
  451. https://myaccount.essexpowerlines.ca/app/capricorn
  452. https://checknode.censure47contr.coupons/state_val
  453. http://www.ggw.net/
View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for kairos

CVE-2026-41940
CVE-2026-3854
CVE-2026-31431
Other

T1486

T1486

T1490

T1490

T1070.001

T1070.001

T1562.001

T1562.001

T1078

T1078

T1047

T1047

T1021.001

T1021.001

T1059

T1059

T1583

T1583

T1550

T1550

T1040

T1040

T1027

T1027

Victims(65)

CompanyDomainCountryIndustryStatusDiscovered
Commune De Camierscamiers.frFR FranceGovernment & Defense
Unknown
24 days ago
McCarthy Incmccarthyinc.comUS United StatesOther
Unknown
about 1 month ago
Arwiniarwini.deDE GermanyHealthcare
Unknown
about 1 month ago
Ayuntamiento de Valdemorovaldemoro.esES SpainGovernment & Defense
Unknown
about 1 month ago
Houk Air Conditioninghoukac.comUS United StatesProfessional Services
Unknown
about 2 months ago
Gregory JewellersAU AustraliaRetail & E-Commerce
Claimed
2 months ago
Nordenta (a daughter company of LIFCO)DK DenmarkHealthcare
Claimed
2 months ago
Strata RepublicAU AustraliaProfessional Services
Claimed
2 months ago
FriendlyCare PharmacyAU AustraliaHealthcare
Claimed
2 months ago
Pullen MovingUS United StatesTransportation
Claimed
2 months ago
Colonial Presbyterian ChurchUS United StatesRetail & E-Commerce
Claimed
2 months ago
South Florida Injury CentersUS United StatesHealthcare
Claimed
2 months ago
Resch Maschinenbauresch-maschinenbau.deDE GermanyManufacturing
Unknown
3 months ago
Folet & Rivoirefrc-avocats.frFR FranceProfessional Services
Unknown
3 months ago
Institute of Social Security - Paraguayips.gov.pyPY ParaguayGovernment & Defense
Unknown
3 months ago
Katz Kantor Stonestreet & Bucknerkatzkantor.comUS United StatesProfessional Services
Unknown
4 months ago
Rockwood Retirement Communitiesrockwoodretirement.orgUS United StatesRetail & E-Commerce
Unknown
4 months ago
The Marena Groupmarena.comUS United StatesHealthcare
Unknown
4 months ago
Seagrass Boutique Hospitality Groupseagrassbhg.comAU AustraliaHospitality
Unknown
4 months ago
Robbins Parking Service Ltdrobbinsparking.comCA CanadaTransportation
Unknown
4 months ago

Page 1 of 4

Affected countries(24)

Countries where this group has been reported to target or leak victims.

🇦🇺Australia🇧🇷Brazil🇨🇦Canada🇨🇳China🇨🇾Cyprus🇩🇪Germany🇩🇰Denmark🇪🇸Spain🇫🇷France🇬🇧United Kingdom🇮🇳India🇮🇹Italy🇯🇵JapanKorea, Democratic People's Republic of🇱🇷Liberia🇳🇿New Zealand🇵🇭Philippines🇵🇾Paraguay🇸🇪Sweden🇸🇰Slovakia🇹🇷TurkeyTaiwan, Province of China🇺🇸United States🇿🇦South Africa