Active ransomware operator
Nemty
0 victims indexed · last activity 5 years ago
At a glance
- Status: active
- First seen: —
- Last activity: 5 years ago
- Onion sites: 1 known endpoint
About
References
29 links. External sources curated by the MISP threat-intel community.
- trendmicro.com/vinfo/us/security/news/cyber-attacks/nemty-ransomware-possibly-spreads-through-exposed-remote-desktop-connections
- secureworks.com/research/threat-profiles/gold-mansard
- docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3
- github.com/albertzsigovits/malware-notes/blob/master/Nemty.md
- go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
- labs.sentinelone.com/meet-nemty-successor-nefilim-nephilim-ransomware/
- medium.com/csis-techblog/inside-view-of-brazzzersff-infrastructure-89b9188fd145
- medium.com/csis-techblog/the-nemty-affiliate-model-13f5cf7ab66b
- raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2019-08-24-nemty-ransomware-notes.vk.raw
- securelist.com/evolution-of-jsworm-ransomware/102428/
- symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nemty-ransomware-trik-botnet
- bleepingcomputer.com/news/security/fake-paypal-site-spreads-nemty-ransomware/
- bleepingcomputer.com/news/security/nemty-ransomware-decryptor-released-recover-files-for-free/
- bleepingcomputer.com/news/security/nemty-ransomware-gets-distribution-from-rig-exploit-kit/
- bleepingcomputer.com/news/security/new-nemty-ransomware-may-spread-via-compromised-rdp-connections/
- bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/
- cronup.com/post/de-ataque-con-malware-a-incidente-de-ransomware
- cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/
- fortinet.com/blog/threat-research/nemty-ransomware-early-stage-threat.html
- lastline.com/labsblog/nemty-ransomware-scaling-up-apac-mailboxes-swarmed-dual-downloaders/
Onion infrastructure
1 known
- http://zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion
Source
Updated 5 years ago
Data on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.
