{
	"id": "f6170310-dd48-499a-8757-260b8fe7d457",
	"created_at": "2026-04-06T00:12:19.019793Z",
	"updated_at": "2026-04-10T13:12:40.90569Z",
	"deleted_at": null,
	"sha1_hash": "d25b9a57214403f5de4d144724da164a4c145016",
	"title": "REvil ransomware gang 'acquires' KPOT malware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2343287,
	"plain_text": "REvil ransomware gang 'acquires' KPOT malware\r\nBy Written by Catalin Cimpanu, ContributorContributor Nov. 3, 2020 at 4:30 p.m. PT\r\nArchived: 2026-04-05 13:34:56 UTC\r\nImage: Joshua Hoehne\r\nThe operators of the REvil ransomware strain have \"acquired\" the source code of the KPOT trojan in an auction\r\nheld on a hacker forum last month.\r\nZDNET Recommends\r\nThe sale took place after the KPOT malware author decided to auction off the code, desiring to move off to other\r\nprojects.\r\nThe sale was organized as a public auction on a private underground hacking forum for Russian-speaking cyber-criminals, security researcher Pancak3 told ZDNet in an interview last month.\r\nThe only bidder was UNKN, a well-known member of the REvil (Sodinokibi) ransomware gang, Pancak3 said.\r\nUNKN paid the initial asking price of $6,500, while other forum members declined to participate, citing the steep\r\nasking price.\r\nThe REvil operator received the source code of KPOT 2.0, the latest version of the KPOT malware.\r\nFirst spotted in 2018, KPOT is a classic \"information stealer\" that can extract and steal passwords from various\r\napps on infected computers. 
This includes web browsers, instant messengers, email clients, VPNs, RDP services,\r\nFTP apps, cryptocurrency wallets, and gaming software, according to a 2019 Proofpoint report.\r\nPancak3, who first spotted the KPOT auction in mid-October, told ZDNet that he believes the REvil gang bought\r\nKPOT to \"further develop it\" and add it to its considerable arsenal of hacking tools the gang uses during its\r\ntargeted intrusions inside corporate networks.\r\nAlthough many other forum members have described the KPOT code as overpriced, UNKN and the REvil gang\r\nhave money to spare.\r\nThe REvil member, who has been operating as the ransomware gang's public figurehead and recruiter for the past\r\ntwo years on hacking forums, has recently given an interview to a Russian YouTube channel, claiming that the\r\nREvil gang makes more than $100 million from ransom demands each year [1, 2].\r\nUNKN also claimed the gang fears assassinations more than they fear a law enforcement action.\r\nSource: https://www.zdnet.com/article/revil-ransomware-gang-acquires-kpot-malware/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.zdnet.com/article/revil-ransomware-gang-acquires-kpot-malware/"
	],
	"report_names": [
		"revil-ransomware-gang-acquires-kpot-malware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434339,
	"ts_updated_at": 1775826760,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d25b9a57214403f5de4d144724da164a4c145016.pdf",
		"text": "https://archive.orkl.eu/d25b9a57214403f5de4d144724da164a4c145016.txt",
		"img": "https://archive.orkl.eu/d25b9a57214403f5de4d144724da164a4c145016.jpg"
	}
}