Nefilim

According to Vitali Kremez and Michael Gillespie, this ransomware shares much of its code with Nemty 2.5. One difference is the removal of the RaaS component, which was replaced by email communications for payments. It uses AES-128, which is then protected with RSA-2048.

Victims count: 15

Last discovered victim: 2021-09-09

First discovered victim: 2020-05-05


Known Locations
Favicon Title Type Available Last Visit FQDN
favicon None No 2025-01-28 10:00:48 hxt254aygrsziejn.onion

Ransom Notes

Tools Used

No tools used available.


Vulnerabilities Exploited

No vulnerabilities exploited available.


TTPs Matrix

No TTPs available.


Negotiation Chats

No negotiation chats available.


YARA Rules

No YARA rules available.


Victims (15)
Atlanta Allergy & Asthma. Part 1. Nefilim
📅 Discovery Date: 2021-09-09
N/A
Grimmway Farms. Part 1. Nefilim
📅 Discovery Date: 2021-09-09
N/A
Seven Seas. Part 1. Nefilim
📅 Discovery Date: 2021-09-09
N/A
The MADSACK Media Group. Part 1. Nefilim
📅 Discovery Date: 2021-09-09
N/A
Tegut. Part 1. Nefilim
📅 Discovery Date: 2021-09-09
N/A
TPG Internet. Part 1. Nefilim
📅 Discovery Date: 2021-09-09
N/A
Saipa Press. Part 1. Nefilim
📅 Discovery Date: 2021-09-09
N/A
Tegut. Part 2. Nefilim
📅 Discovery Date: 2021-09-09
N/A
The MADSACK Media Group. Part 2. Nefilim
📅 Discovery Date: 2021-09-09
N/A
Whirlpool Nefilim
📅 Discovery Date: 2020-12-01
N/A
Orange (mobile operator) Nefilim
📅 Discovery Date: 2020-07-04
N/A
FR
Fisher and Paykel Appliances Nefilim
📅 Discovery Date: 2020-06-01
N/A
NZ
Toll Group Nefilim
📅 Discovery Date: 2020-05-05
N/A
AU