Nefilim
According to Vitali Kremez and Michael Gillespie, this ransomware shares much code with Nemty 2.5. A difference is removal of the RaaS component, which was switched to email communications for payments. Uses AES-128, which is then protected RSA2048.
Victims
15
First Discovered
2020-05-05
victim
Last Discovered
2021-09-09
victim
Inactive Since
4yrs
more than
Avg Delay
N/A
attack→claim
Infostealer
100.0%
victims with domain
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
None | No | 2025-06-01 21:18:36 | hxt254aygrsziejn.onion |
Target (Available)
Top 5 Activity Sectors
- Critical Manufacturing 3
- Transportation Systems 1
- Communication 1
Top 5 Countries
-
Australia
1
-
New Zealand
1
-
France
1
-
Germany
1
Heatmap (Available)
Ransom Notes (1)
Tools Used (Not Available)
No tools used available.
Vulnerabilities Exploited (0)
No vulnerabilities exploited available.
TTPs Matrix (0)
No TTPs available.
Negotiation Chats (0)
No negotiation chats available.
YARA Rules (0)
No YARA rules available.
Indicators of Compromise (IoCs) (0)
No IoCs available for this group.
Victims (15)
No description available
No description available
