Threat Actor Profile
High
Cybercriminal
Description
Vice Society ransomware appends the .v-society extension when encrypting Linux machines. Running a leak site on the darkweb, Possible relations with "HelloKitty"
Confidence Score
Tags
ransomware
ransomware.live
First Seen
Unknown
Last Updated
Unknown
Active Status
ActiveCreated
April 29, 2026
Indicators of Compromise
Loading IOCs…
IOC KQL for Sentinel
STIX Data
{'added_date': None,
'client': '2003264@sit.singaporetech.edu.sg',
'description': 'Vice Society ransomware appends the .v-society extension when '
'encrypting Linux machines. Running a leak site on the '
'darkweb, Possible relations with "HelloKitty"',
'firstseen': '2021-05-31T00:00:00+00:00',
'group': 'vicesociety',
'has_negotiations': False,
'has_ransomnote': True,
'lastseen': '2023-06-20T21:06:18.878330+00:00',
'locations': [{'available': False,
'fqdn': 'wmp2rvrkecyx72i3x7ejhyd3yr6fn5uqo7wfus7cz7qnwr6uzhcbrwad.onion',
'slug': 'http://wmp2rvrkecyx72i3x7ejhyd3yr6fn5uqo7wfus7cz7qnwr6uzhcbrwad.onion/partners.html',
'title': 'Vice Society - Official Site',
'type': 'DLS'},
{'available': False,
'fqdn': 'ml3mjpuhnmse4kjij7ggupenw34755y4uj7t742qf7jg5impt5ulhkid.onion',
'slug': 'http://ml3mjpuhnmse4kjij7ggupenw34755y4uj7t742qf7jg5impt5ulhkid.onion/partners.html',
'title': 'Vice Society - Official Site',
'type': 'DLS'},
{'available': False,
'fqdn': 'ecdmr42a34qovoph557zotkfvth4fsz56twvwgiylstjup4r5bpc4oad.onion',
'slug': 'http://ecdmr42a34qovoph557zotkfvth4fsz56twvwgiylstjup4r5bpc4oad.onion',
'title': 'there is nothing...',
'type': 'DLS'},
{'available': False,
'fqdn': 'ssq4zimieeanazkzc5ld4v5hdibi2nzwzdibfh5n5w4pw5mcik76lzyd.onion',
'slug': 'http://ssq4zimieeanazkzc5ld4v5hdibi2nzwzdibfh5n5w4pw5mcik76lzyd.onion/partners.html',
'title': 'Vice Society - Official Site',
'type': 'DLS'},
{'available': False,
'fqdn': '4hzyuotli6maqa4u.onion',
'slug': 'http://4hzyuotli6maqa4u.onion',
'title': '',
'type': 'DLS'},
{'available': False,
'fqdn': 'vsociethok6sbprvevl4dlwbqrzyhxcxaqpvcqt5belwvsuxaxsutyad.onion',
'slug': 'http://vsociethok6sbprvevl4dlwbqrzyhxcxaqpvcqt5belwvsuxaxsutyad.onion',
'title': 'Vice Society - Official Site',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 1,
'tiaras_metadata': {'has_negotiations': False,
'has_ransomnote': True,
'locations': [{'available': False,
'fqdn': 'wmp2rvrkecyx72i3x7ejhyd3yr6fn5uqo7wfus7cz7qnwr6uzhcbrwad.onion',
'slug': 'http://wmp2rvrkecyx72i3x7ejhyd3yr6fn5uqo7wfus7cz7qnwr6uzhcbrwad.onion/partners.html',
'title': 'Vice Society - Official Site',
'type': 'DLS'},
{'available': False,
'fqdn': 'ml3mjpuhnmse4kjij7ggupenw34755y4uj7t742qf7jg5impt5ulhkid.onion',
'slug': 'http://ml3mjpuhnmse4kjij7ggupenw34755y4uj7t742qf7jg5impt5ulhkid.onion/partners.html',
'title': 'Vice Society - Official Site',
'type': 'DLS'},
{'available': False,
'fqdn': 'ecdmr42a34qovoph557zotkfvth4fsz56twvwgiylstjup4r5bpc4oad.onion',
'slug': 'http://ecdmr42a34qovoph557zotkfvth4fsz56twvwgiylstjup4r5bpc4oad.onion',
'title': 'there is nothing...',
'type': 'DLS'},
{'available': False,
'fqdn': 'ssq4zimieeanazkzc5ld4v5hdibi2nzwzdibfh5n5w4pw5mcik76lzyd.onion',
'slug': 'http://ssq4zimieeanazkzc5ld4v5hdibi2nzwzdibfh5n5w4pw5mcik76lzyd.onion/partners.html',
'title': 'Vice Society - Official Site',
'type': 'DLS'},
{'available': False,
'fqdn': '4hzyuotli6maqa4u.onion',
'slug': 'http://4hzyuotli6maqa4u.onion',
'title': '',
'type': 'DLS'},
{'available': False,
'fqdn': 'vsociethok6sbprvevl4dlwbqrzyhxcxaqpvcqt5belwvsuxaxsutyad.onion',
'slug': 'http://vsociethok6sbprvevl4dlwbqrzyhxcxaqpvcqt5belwvsuxaxsutyad.onion',
'title': 'Vice Society - Official Site',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 1,
'ransomware_live_group': 'vicesociety',
'tools': {'CredentialTheft': [],
'DefenseEvasion': [],
'DiscoveryEnum': ['Advanced IP Scanner',
'Advanced Port Scanner'],
'Exfiltration': ['MEGA', 'RClone', 'WinSCP'],
'LOLBAS': ['Minidump',
'NTDS Utility (ntdsutil)',
'PsExec',
'WMIC'],
'Networking': ['Proxychains'],
'Offsec': ['Cobalt Strike',
'Impacket',
'PowerShell Empire',
'PowerSploit'],
'RMM-Tools': ['PowerAdmin']},
'url': 'https://www.ransomware.live/group/vicesociety',
'victims': 188,
'vulnerabilities': []},
'tiaras_source': 'ransomware.live',
'tools': {'CredentialTheft': [],
'DefenseEvasion': [],
'DiscoveryEnum': ['Advanced IP Scanner', 'Advanced Port Scanner'],
'Exfiltration': ['MEGA', 'RClone', 'WinSCP'],
'LOLBAS': ['Minidump', 'NTDS Utility (ntdsutil)', 'PsExec', 'WMIC'],
'Networking': ['Proxychains'],
'Offsec': ['Cobalt Strike',
'Impacket',
'PowerShell Empire',
'PowerSploit'],
'RMM-Tools': ['PowerAdmin']},
'ttps': [],
'url': 'https://www.ransomware.live/group/vicesociety',
'victims': 188,
'vulnerabilities': []}