Threat Actor Profile
Medium Cybercriminal
Confidence Score
100%
Known Aliases
KaWaLocker
Tags
ransomware ransomware.live KaWaLocker
First Seen

Unknown

Last Updated

Unknown

Active Status
Active
Created

April 29, 2026

Indicators of Compromise

Loading IOCs…

IOC KQL for Sentinel
STIX Data 
{'added_date': '2025-06-27',
 'client': '2003264@sit.singaporetech.edu.sg',
 'description': None,
 'firstseen': '2025-06-19T06:28:21.899081+00:00',
 'group': 'kawa4096',
 'has_negotiations': False,
 'has_ransomnote': False,
 'lastseen': '2025-07-28T09:07:24.448175+00:00',
 'locations': [{'available': False,
                'fqdn': 'kawasa2qo7345dt7ogxmx7qmn6z2hnwaoi3h5aeosupozkddqwp6lqqd.onion',
                'slug': 'http://kawasa2qo7345dt7ogxmx7qmn6z2hnwaoi3h5aeosupozkddqwp6lqqd.onion',
                'title': 'Kawa4096',
                'type': 'DLS'}],
 'negotiation_count': 0,
 'ransomnotes_count': 0,
 'tiaras_metadata': {'has_negotiations': False,
                     'has_ransomnote': False,
                     'locations': [{'available': False,
                                    'fqdn': 'kawasa2qo7345dt7ogxmx7qmn6z2hnwaoi3h5aeosupozkddqwp6lqqd.onion',
                                    'slug': 'http://kawasa2qo7345dt7ogxmx7qmn6z2hnwaoi3h5aeosupozkddqwp6lqqd.onion',
                                    'title': 'Kawa4096',
                                    'type': 'DLS'}],
                     'negotiation_count': 0,
                     'ransomnotes_count': 0,
                     'ransomware_live_group': 'kawa4096',
                     'tools': {},
                     'url': 'https://www.ransomware.live/group/kawa4096',
                     'victims': 17,
                     'vulnerabilities': []},
 'tiaras_source': 'ransomware.live',
 'tools': {},
 'ttps': [],
 'url': 'https://www.ransomware.live/group/kawa4096',
 'victims': 17,
 'vulnerabilities': []}
Quick Actions
Back to Threat Actors
Dashboard Home