Pysa
Mespinosa is a ransomware which encrypts file using an asymmetric encryption and adds .pysa as file extension. According to dissectingmalware the extension "pysa" is probably derived from the Zanzibari Coin with the same name.
Victims
311
First Discovered
2020-07-01
victim
Last Discovered
2022-09-20
victim
Inactive Since
3yrs
more than
Avg Delay
N/A
attack→claim
Infostealer
0.0%
victims with domain
Known Locations (1)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
Pysa's Partners | No | 2025-06-01 21:19:12 | pysa2bitc5ldeyfak4seeruqymqs4sj5wt5qkcq7aoyg4h2acqieywad.onion |
Target (Available)
Top 5 Activity Sectors
- Communication 1
- Healthcare and Public Health 1
- Government Facilities 1
Top 5 Countries
-
Canada
1
-
United States
1
-
United Kingdom
1
Heatmap (Available)
Ransom Notes (0)
No ransom notes available.
Tools Used (Available)
| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
|
ADRecon
Advanced IP Scanner
Advanced Port Scanner
|
|
|
Mimikatz
ProcDump
SessionGopher
|
Chashell
Koadic
PowerShell Empire
PowerSploit
|
|
PsExec
WMIC
|
FileZilla
WinSCP
|
Vulnerabilities Exploited (0)
No vulnerabilities exploited available.
TTPs Matrix (0)
No TTPs available.
Negotiation Chats (0)
No negotiation chats available.
YARA Rules (0)
No YARA rules available.
Indicators of Compromise (IoCs) (0)
No IoCs available for this group.
Victims (311)
