Nefilim
According to Vitali Kremez and Michael Gillespie, this ransomware shares much code with Nemty 2.5. A difference is removal of the RaaS component, which was switched to email communications for payments. Uses AES-128, which is then protected RSA2048.
Victims
15
First Discovered
2020-05-05
victim
Last Discovered
2021-09-09
victim
Inactive Since
4yrs
more than
Avg Delay
N/A
attack→claim
Infostealer
0.0%
victims with domain
Countries
4
hit
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
No | 2026-04-28T07:25:07 |
hxt254aygrsziejn.onion
|
Target
Top 5 Activity Sectors
- Manufacturing 5
- Consumer Services 3
- Business Services 2
- Telecommunication 2
- Healthcare 1
Top 5 Countries
-
Germany
1
-
France
1
-
New Zealand
1
-
Australia
1
Heatmap
Ransom Notes (1)
YARA Rules (1)
Indicators of Compromise (IoCs) (3)
Email
3
| Type | IOC |
|---|---|
Email
|
bernardocarlos@tutanota.com
|
Email
|
deanlivermore@protonmail.com
|
Email
|
robertatravels@mail.com
|
Victims (15)
No description available
No description available
