Payload is a ransomware group that emerged in early 2026. It uses Babuk-derived source code to target both Windows and ESXi systems, running cross-platform double-extortion attacks against the healthcare, energy, real estate, and agriculture sectors. It claimed 12 victims across seven countries within hours of launching its leak site.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
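```yara
/*
   payload ransomware
*/
rule payload_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.payload"
        description = "Detects payload ransomware ransom note or artifact"
        date = "2026-05-04"
        severity = 7
        score = 70
    strings:
        // $name1 is case-insensitive, so any file that matches $name2 or $onion also matches $name1.
        $name1 = "payload" ascii nocase
        $name2 = "PAYLOAD" ascii
        $onion = "payload.onion" ascii nocase
    condition:
        // Fires on any file containing the word "payload" in any letter case:
        // a very broad match, so triage hits before acting on them.
        any of them
}
```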
Welcome to Payload! The next 72 hours will determine certain factors in the life of your company: the publication of the file tree, which we have done safely and unnoticed by all of you, and the publication of your company's full name on our luxurious blog. NONE of this will happen if you contact us within this time frame and our negotiations are favorable. We are giving you 240 hours to: 1. familiarize yourself with our terms and conditions, 2. begin negotiations with us, 3. and successfully conclude them. The timer may be extended if we deem it necessary (only in the upward direction). Once the timer expires, all your information will be posted on our blog. ATTENTION! Contacting authorities, recovery agencies, etc. WILL NOT HELP YOU! At best, you will waste your money and lose some of your files, which they will carefully take to restore! You should also NOT turn off, restart, or put your computer to sleep. In the future, such mistakes can make the situation more expensive and the files will not be restored! We DO NOT recommend doing anything with the files, as this will make it difficult to recover them later! When contacting us: you can request up to 3 files from the file tree, you can request up to 3 encrypted files up to 15 megabytes so that we can decrypt them and you understand that we can do it. First, you should install Tor Browser: 1. Open: [redacted] 2. Choose your OS and select it 3. Run installer 4. Enjoy! In countries where tor is prohibited, we recommend using bridges, which you can take: [redacted] You can read: [redacted] (Tor) To start negotiations, go to [redacted] and login: User: [snip] Password: [snip] Your ID to verify: [snip]
PSTBN Peroni Sosa Tellechea Burt & Narvaja is one of the largest and most prestigious law firms in Paraguay, founded in 1968. The firm is committed to meeting the diverse legal needs of its clients across various practice areas, including corporate law, tax law, agribusiness, and regulatory compliance.
Meditron C.A. is a Venezuelan company founded in 1972, specializing in the marketing and after-sales service of medical equipment. They also design, construct, and equip healthcare infrastructures, providing comprehensive solutions in the health sector. Their offerings include a wide range of medical devices and technical support services, catering to various healthcare needs. Meditron represents globally recognized brands and is committed to supporting medical innovation and excellence in Venezuela.
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| Peroni Sosa Tellechea Burt & Narvaja | UY | Business Services | — | 23 Apr 2026 |
| meditron.com.ve | VE | Healthcare | — | 23 Apr 2026 |
| Notaría 89 | MX | Business Services | — | 19 Mar 2026 |
| Alcoholes Finos Dominicanos | DO | Agriculture and Food Production | — | 14 Mar 2026 |
| Río Grande (Puerto Rico) | PR | Public Sector | — | 14 Mar 2026 |
| Almacenes Distribuidores de la Frontera | MX | Business Services | — | 17 Feb 2026 |
The leak-site (.onion) addresses are known but are neither published nor linked. Only public metadata is shown.
Notaría 89 – Edomex, located in the State of Mexico, offers specialized legal services for various real estate transactions and contracts. Under the leadership of Licenciado Luis Octavio Hermoso y Colín, the notary public provides services such as the granting of powers, purchase contracts, real estate mortgages, and the constitution of societies. The notary public also handles testaments and other notarial services, ensuring all legal requirements are met for property transfers and other legal matters.
Alcoholes Finos Dominicanos, S.A. (AFD) is a Dominican company that produces food-grade alcohol and rum-related spirits using sugarcane juice as its main raw material. The company focuses on alcohol production for human consumption and uses industrial distillation processes with quality and sustainability programs.
Río Grande is a municipality located in Puerto Rico, a U.S. territory in the Caribbean. It has its own local government that manages public services, administration, and community programs for residents.
Almacenes Distribuidores de la Frontera has built a solid track record in the State of Chihuahua. Since its beginnings, the company has evolved into a benchmark in the convenience store, gas station, and water bottling industry. Two names that resonate strongly in the market are Superette and Del Rio. These convenience stores have become reliable destinations for consumers looking for convenience, variety, and exceptional service.