Satanlockv2
SatanLock is a short-lived ransomware group that first appeared in April 2025 and abruptly shut down in July 2025 after claiming attacks against roughly 67 organizations — though over 65% of listed victims were duplicates from other groups — leaking all stolen data publicly upon shutdown.
Victims
4
First Discovered
2025-07-04
victim
Last Discovered
2025-07-07
victim
Inactive Since
311
days
Avg Delay
N/A
attack→claim
Infostealer
0.0%
victims with domain
Countries
3
hit
Attack Velocity — Last 12 months
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
SatanLock V2 Leaks | Yes | 2026-05-14T01:48:03 | Apache 2.4.58 (Win64) OpenSSL 3.1.3 PHP 8.2.12 — PHP 8.2.12 |
tzhwmgguyxrg6q3tu4q3gvopcjynrhw6ryx2bdl5ghisdkyunfua5xyd.onion
|
Target
Top 5 Activity Sectors
- Healthcare 1
- Education 1
- Business Services 1
Top 5 Countries
-
Indonesia
1
-
Thailand
1
-
Italy
1
Heatmap
YARA Rules (1)
Indicators of Compromise (IoCs) (1)
tox
1
| Type | IOC |
|---|---|
tox
|
CF7175635116009D235F2BC2C657CB4DF1B18317D4EADD30F8238C33E2D2116851C9344C774D
|
Victims (4)
