Threat Actor Profile
High
Cybercriminal
Description
Babuk Locker 2.0, also known as Bjorka or SkyWave, after failing to make any profit from selling public databases on forums, decided to impersonate Babuk Ransomware group. He launched a blog where he claimed multiple public breaches from BreachForums as ransomware attacks
Confidence Score
Known Aliases
Satanlock
Tags
ransomware
ransomware.live
Satanlock
First Seen
Unknown
Last Updated
Unknown
Active Status
ActiveCreated
April 29, 2026
Indicators of Compromise
Loading IOCs…
IOC KQL for Sentinel
STIX Data
{'added_date': '2025-01-27',
'client': '2003264@sit.singaporetech.edu.sg',
'description': 'Babuk Locker 2.0, also known as Bjorka or SkyWave, after '
'failing to make any profit from selling public databases on '
'forums, decided to impersonate Babuk Ransomware group. He '
'launched a blog where he claimed multiple public breaches '
'from BreachForums as ransomware attacks',
'firstseen': '2021-02-01T08:26:49.563762+00:00',
'group': 'babuk2',
'has_negotiations': False,
'has_ransomnote': True,
'lastseen': '2025-04-06T20:59:36+00:00',
'locations': [{'available': False,
'fqdn': '5g2e.l.time4vps.cloud',
'slug': 'http://5g2e.l.time4vps.cloud/',
'title': '',
'type': 'DLS'},
{'available': False,
'fqdn': '7dikawx73goypgfi4zyo5fcajxwb7agemmiwqax3p54aey4dwobcvcyd.onion',
'slug': 'http://7dikawx73goypgfi4zyo5fcajxwb7agemmiwqax3p54aey4dwobcvcyd.onion/',
'title': 'Babuk - Leaks site',
'type': 'DLS'},
{'available': False,
'fqdn': 'bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion',
'slug': 'http://bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/',
'title': 'Babuk - Leaks site',
'type': 'DLS'},
{'available': False,
'fqdn': '212.24.99.211.',
'slug': 'http://212.24.99.211/',
'title': '',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 1,
'tiaras_metadata': {'has_negotiations': False,
'has_ransomnote': True,
'locations': [{'available': False,
'fqdn': '5g2e.l.time4vps.cloud',
'slug': 'http://5g2e.l.time4vps.cloud/',
'title': '',
'type': 'DLS'},
{'available': False,
'fqdn': '7dikawx73goypgfi4zyo5fcajxwb7agemmiwqax3p54aey4dwobcvcyd.onion',
'slug': 'http://7dikawx73goypgfi4zyo5fcajxwb7agemmiwqax3p54aey4dwobcvcyd.onion/',
'title': 'Babuk - Leaks site',
'type': 'DLS'},
{'available': False,
'fqdn': 'bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion',
'slug': 'http://bxwu33iefqfc3rxigynn3ghvq4gdw3gxgxna5m4aa3o4vscdeeqhiqad.onion/',
'title': 'Babuk - Leaks site',
'type': 'DLS'},
{'available': False,
'fqdn': '212.24.99.211.',
'slug': 'http://212.24.99.211/',
'title': '',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 1,
'ransomware_live_group': 'babuk2',
'tools': {},
'url': 'https://www.ransomware.live/group/babuk2',
'victims': 180,
'vulnerabilities': []},
'tiaras_source': 'ransomware.live',
'tools': {},
'ttps': [],
'url': 'https://www.ransomware.live/group/babuk2',
'victims': 180,
'vulnerabilities': []}