Ransomware Group intelligence

Kawa4096

Inactive

Track Kawa4096 with 17 published victims and 1 known leak locations in a single intelligence view.

Victims 17 Known published victims in this dataset

First discovered 2025-06-27 Earliest victim discovery date

Last discovered 2025-07-29 Latest victim discovery date

Inactive since 270 days Days since the latest known victim

Top country United States 11 victims

Known locations 1 Leak or negotiation infrastructure tracked

Kawa4096 is tracked by Breach House as a ransomware group with 17 published victims.

United States is currently the most targeted country in this dataset.

1 known leak locations are currently associated with this group.

Top Countries

Distribution

Label	Type	Availability	Links
Leak location 1	Onion service	Unknown	`kawasa2qo7345dt7ogxmx7qmn6z2hnwaoi3h5aeosupozkddqwp6lqqd.onion`

No sector intelligence available.

Ransom Notes (0)

▼

No ransom notes available for this group.

Tools Used

▼

No tools used available.

YARA Rules (0)

▼

No YARA rules available.

Indicators of Compromise (0)

▼

No IoCs available for this group.

Negotiation Chats (0)

▼

No negotiation chats available.

No external research sources linked yet.

Victims (17)

Search, filter and paginate the victim timeline for Kawa4096.

Type	Target	Discovered	Country	Business Category	Intel Link
Ransomware	********.org id21413 View details	2025-07-29	United States	Other	—
********.org ID 21413
Ransomware	**********.net id21394 View details	2025-07-27	United States	Other	—
**********.net ID 21394
Ransomware	**********.com id21391 View details	2025-07-27	United States	Other	—
**********.com ID 21391
Ransomware	icmconv.com id21295 View details	2025-07-22	United States	Other	—
icmconv.com ID 21295
Ransomware	carestlhealth.org id21294 View details	2025-07-22	United States	Healthcare / Pharma	—
carestlhealth.org ID 21294
Ransomware	sbamh.org id21290 View details	2025-07-22	United States	Other	—
sbamh.org ID 21290
Ransomware	gatewaycsb.org id21012 View details	2025-07-07	United States	Other	—
gatewaycsb.org ID 21012
Ransomware	heimhaus.de id21007 View details	2025-07-07	Germany	Other	—
www.heimhaus.de ID 21007
Ransomware	tokiomarine-nichido.co.jp id20917 View details	2025-07-01	Japan	Other	—
tokiomarine-nichido.co.jp ID 20917
Ransomware	www.ogr-jp.com id20916 View details	2025-07-01	Japan	Other	—
www.ogr-jp.com ID 20916
Ransomware	www.malonebailey.com id20907 View details	2025-06-30	United States	Other	—
www.malonebailey.com ID 20907
Ransomware	********-*****.co.jp id20906 View details	2025-06-30	Japan	Other	—
********-*****.co.jp ID 20906
Ransomware	*************.org id20905 View details	2025-06-30		Other	—
*************.org ID 20905
Ransomware	Morningsideservices id20859 View details	2025-06-27	United States	Services
www.morningsideservices.com ID 20859
Ransomware	******.de id20858 View details	2025-06-27	Germany	Other
www.******.de ID 20858
Ransomware	******.com id20857 View details	2025-06-27	United States	Other
www.******.com ID 20857
Ransomware	******.org id20856 View details	2025-06-27	United States	Other
******.org ID 20856

Kawa4096

Overview

Top Countries

Known Leak Locations (1)

Top Activity Sectors