Dire Wolf is a sophisticated human-operated ransomware group first documented in May 2025. Its ransomware is written in Golang and uses Curve25519/ChaCha20 encryption. The group targets the manufacturing and technology sectors across 13+ countries, with ransoms up to $500,000, and is operated by a tight core team rather than a broad affiliate program.
This group has no curated TTPs.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
```yara
/*
   direwolf ransomware
*/
rule direwolf_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.direwolf"
        description = "Detects direwolf ransomware ransom note or artifact"
        date = "2026-05-04"
        severity = 7
        score = 70
    strings:
        // $name1 is case-insensitive, so it already matches everything that
        // $name2 and $onion match; the rule fires on any file containing "direwolf".
        $name1 = "direwolf" ascii nocase
        $name2 = "DIREWOLF" ascii
        $onion = "direwolf.onion" ascii nocase
    condition:
        any of them
}
```
```
Dear Mr or Ms,
If you are reading this message, it means that:
- your network infrastructure has been compromised
- critical data was leaked
- We decrypted your encrypted files. The anti-leakage system is useless to us. We can provide proof.
- files are encrypted
--------------------------------------------------------------------------
The best and only thing you can do is to contact us
to settle the matter before any losses occurs.
--------------------------------------------------------------------------
We can maintain confidentiality for 3 days for you, during which we will not disclose any information about your intrusion or data leakage.
We can extend the confidentiality period free of charge until we reach an agreement if you contact us within 3 days and communicate effectively with us.
If the confidentiality period expires, we will disclose the relevant information.
We provide complimentary decryption testing services. For specific details, please contact us.
--------------------------------------------------------------------------
We have provided a sample document as proof of our possession of your files and you can download and check it:
- [redacted]
Please be advised that your files are scheduled for public release after 30 working days.
If you want to secure your files, we urge you to reach out to us at your earliest convenience.
--------------------------------------------------------------------------
Contact Details:
- live chat room:
- url:[redacted]
- roomID: [snip]
- username: [snip]
- password: [snip]
--------------------------------------------------------------------------
Our official website:
- url:[redacted]
--------------------------------------------------------------------------
How to access .onion website:
1.Download and install TOR Browser [redacted]
2.Open it and try to access our onion address
3.Maybe you need to use VPN if it can not open our onion address
```

[AI generated] Transpedrosa is a Brazilian company that specializes in the transportation of liquid and gas products. Established in 1969, they handle an array of materials like chemical, petrochemical, and aviation products. They continue to expand their services beyond their initial local focus, becoming a crucial player in the road transport logistic sector within Brazil.
[AI generated] Clemar Assessoria e Logística em Comércio Internacional is a Brazilian company specializing in international trade and logistic services. With extensive experience in the sector, it provides assistance in customs clearance, export and import processes, freight forwarding, and international business consultancy. The company aims to facilitate and simplify foreign trade operations for businesses of all sizes.
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| Transpedrosa | BR | Transportation/Logistics | — | 26 Nov 2025 |
| Clemar Assessoria e Logística em Comércio Internacional | BR | Transportation/Logistics | — | 26 Nov 2025 |
| Electricidad Panamericana | AR | Energy | — | 26 Nov 2025 |
| Aroeira Salles Advogados | BR | Business Services | — | 25 Aug 2025 |
| Universidad Mayor | CL | Education | — | 20 Jul 2025 |
| INICIA | DO | Agriculture and Food Production | — | 8 Jul 2025 |
| Faria Braga Advogados Associados | BR | Business Services | — | 8 Jul 2025 |
| Medifarma | PE | Healthcare | — | 10 Jun 2025 |
The leak-site (.onion) addresses are known but are not published or linked. Only public metadata is shown.
[AI generated] Aroeira Salles Advogados is a Brazilian law firm providing a comprehensive array of legal services. Their expertise covers a range of disciplines such as labor law, public law, civil law, business law, and environmental law. Established in 2001, the firm serves both individuals and corporations and is known for its commitment to ethical and effective legal practice. Aroeira Salles prides itself on its use of technology for driving efficiency in legal services.
Universidad Mayor (UM), with institutional accreditation from the U.S. Middle States Commission on Higher Education (MSCHE).
Inicia Ltd specializes in providing a range of poultry-related products and services.