Donex

DoNex is a ransomware strain that emerged in March 2024 as the latest rebrand of a lineage beginning with Muse (2022) → DarkRace (2023) → DoNex, targeting enterprises in the US and Europe with double extortion. Avast released a free decryptor in July 2024 after discovering a cryptographic flaw.

  • Victims: 5
  • First Discovered victim: 2024-03-08
  • Last Discovered victim: 2024-03-08
  • Inactive Since: more than 2yrs
  • Avg Delay: 12.4 days
  • Infostealer: 20.0% victims with domain
  • Countries hit: 5

Known Locations (1)
  • Title: Donex ransomeware leakage
  • Type: -
  • Available: No
  • Last Visit: 2026-04-28T07:23:37
  • Server Info: (empty)
  • FQDN: g3h3klsev3eiofxhykmtenmdpi67wzmaixredk5pjuttbx7okcfkftqd.onion

Target
Top 5 Activity Sectors
  • Technology: 2
  • Transportation/Logistics: 1
  • Agriculture and Food Production: 1
  • Business Services: 1
Top 5 Countries
  • Netherlands (NL): 1
  • United States (US): 1
  • Italy (IT): 1
  • Czechia (CZ): 1
  • Belgium (BE): 1


TTPs Matrix (7)
This information is provided by Crocodyli & Ransomware.live
  • Execution: Windows Management Instrumentation; Command and Scripting Interpreter; Scripting; Native API; Shared Modules
  • Persistence: Windows Services
  • Defense Evasion: Obfuscated Files or Information; Indicator Removal from Tools; Embedded Payloads; Masquerading; Scripting; Clear Windows Event Logs; File Deletion; Indirect Command Execution; File and Directory Permissions Modification; Abuse Elevation Control Mechanism; Disable or Modify Tools; Hidden Window
  • Credential Access: Input Capture
  • Discovery: System Service Discovery; Application Window Discovery; System Network Configuration Discovery; Remote System Discovery; Process Discovery; System Information Discovery; File and Directory Discovery; Network Share Discovery; Security Software Discovery
  • Collection: Data Staged; Automated Collection
  • Impact: Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery

YARA Rules (1)

Victims (5)
Discovered: 2024-03-08 (2y ago)  ·  Attack est.: 2024-02-22
Van der Helm is a 4PL logistic service provider with a limitless passion for transport and logistics…
Discovered: 2024-03-08 (2y ago)  ·  Attack est.: 2024-02-23
P-Fleet is a leader in expense and payment management solutions for commercial fleets, including tho…
Discovered: 2024-03-08 (2y ago)  ·  Attack est.: 2024-02-24
For over 50 years, Elsap has been a company dedicated to the representation and distribution of components and…
Discovered: 2024-03-08 (2y ago)  ·  Attack est.: 2024-02-27
Chocotopia is a center of entertainment in the heart of Prague. You can visit here Museum of Chocola…
Discovered: 2024-03-08 (2y ago)  ·  Attack est.: 2024-02-27
We are your partner for recruitment and selection. We come to you without…