Nefilim
According to Vitali Kremez and Michael Gillespie, this ransomware shares much code with Nemty 2.5. A difference is removal of the RaaS component, which was switched to email communications for payments. Uses AES-128, which is then protected RSA2048.
Victims
15
First Discovered
victim2020-05-05
Last Discovered
victim2021-09-09
Avg Delay
between attack and claimN/A
Infostealer
for victim with domain100.0%
Known Locations (1)
Target (Available)
Top 5 Activity Sectors
- Critical Manufacturing 3
- Transportation Systems 1
- Communication 1
Top 5 Countries
-
Australia
1
-
New Zealand
1
-
France
1
-
Germany
1
Heatmap (Available)
Ransom Notes (1)
Tools Used (Not Available)
No tools used available.
Vulnerabilities Exploited (0)
No vulnerabilities exploited available.
TTPs Matrix (0)
No TTPs available.
Negotiation Chats (0)
No negotiation chats available.
YARA Rules (0)
No YARA rules available.
Indicators of Compromise (IoCs) (0)
No IoCs available for this group.
Victims (15)
Elliott Group / Cascade Engineering / Unitex Textile Rental Services. Teaser.
Nefilim
Discovery Date: 2021-09-09
N/A
DKA (refrigeration and air conditioning specialist, Dussmann Group subsidiary)
Nefilim
Discovery Date: 2020-07-27
N/A
