mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-30 02:37:17 +00:00
[threat-actors] Add SEXi
This commit is contained in:
parent
b5f257c4e1
commit
7ade514644
1 changed files with 12 additions and 0 deletions
|
@ -16056,6 +16056,18 @@
|
||||||
},
|
},
|
||||||
"uuid": "1dcbad05-c5b7-4ec3-8920-45f396554f7a",
|
"uuid": "1dcbad05-c5b7-4ec3-8920-45f396554f7a",
|
||||||
"value": "FlyingYeti"
|
"value": "FlyingYeti"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "SEXi is a ransomware group that targets VMware ESXi servers, encrypting data and demanding ransom payments. They have been observed encrypting virtual machines and backups, causing significant disruptions to services. The group's name is a play on the word \"ESXi,\" indicating a deliberate focus on these systems. SEXi has been linked to other ransomware variants based on the Babuk source code.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.cybersecurity-insiders.com/proven-data-restores-powerhosts-vmware-backups-after-sexi-ransomware-attack/",
|
||||||
|
"https://heimdalsecurity.com/blog/powerhosts-esxi-servers-encrypted-with-new-sexi-ransomware/",
|
||||||
|
"https://www.darkreading.com/threat-intelligence/sexi-ransomware-desires-vmware-hypervisors"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "1bd2034f-a135-4c71-b08f-867b7f9e7998",
|
||||||
|
"value": "SEXi"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 310
|
"version": 310
|
||||||
|
|
Loading…
Reference in a new issue