Pysa
Mespinosa is a ransomware which encrypts file using an asymmetric encryption and adds .pysa as file extension. According to dissectingmalware the extension "pysa" is probably derived from the Zanzibari Coin with the same name.
External information
Victims
311
First Discovered
victim2020-07-01
Last Discovered
victim2022-09-20
Inactive Since
more than3 years
Avg Delay
between attack and claimN/A
Infostealer
for victim with domain0.0%
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
Pysa's Partners | No | 2025-06-01 21:19:12 | pysa2bitc5ldeyfak4seeruqymqs4sj5wt5qkcq7aoyg4h2acqieywad.onion |
Target (Available)
Top 5 Activity Sectors
- Communication 1
- Healthcare and Public Health 1
- Government Facilities 1
Top 5 Countries
-
Canada
1
-
United States
1
-
United Kingdom
1
Heatmap (Available)
Ransom Notes (0)
No ransom notes available.
Tools Used (Available)
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
|
ADRecon
Advanced IP Scanner
Advanced Port Scanner
|
|
|
Mimikatz
ProcDump
SessionGopher
|
Chashell
Koadic
PowerShell Empire
PowerSploit
|
|
PsExec
WMIC
|
FileZilla
WinSCP
|
Vulnerabilities Exploited (0)
No vulnerabilities exploited available.
TTPs Matrix (0)
No TTPs available.
Negotiation Chats (0)
No negotiation chats available.
YARA Rules (0)
No YARA rules available.
Indicators of Compromise (IoCs) (0)
No IoCs available for this group.
