MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-26 08:47:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[threat-actors] Add SEXi

Browse source
This commit is contained in:
Mathieu4141 2024-06-06 01:27:07 -07:00
parent b5f257c4e1
commit 7ade514644
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
clusters/threat-actor.json
View file

@ -16056,6 +16056,18 @@
}, },
"uuid": "1dcbad05-c5b7-4ec3-8920-45f396554f7a", "uuid": "1dcbad05-c5b7-4ec3-8920-45f396554f7a",
"value": "FlyingYeti" "value": "FlyingYeti"
},
{
"description": "SEXi is a ransomware group that targets VMware ESXi servers, encrypting data and demanding ransom payments. They have been observed encrypting virtual machines and backups, causing significant disruptions to services. The group's name is a play on the word \"ESXi,\" indicating a deliberate focus on these systems. SEXi has been linked to other ransomware variants based on the Babuk source code.",
"meta": {
"refs": [
"https://www.cybersecurity-insiders.com/proven-data-restores-powerhosts-vmware-backups-after-sexi-ransomware-attack/",
"https://heimdalsecurity.com/blog/powerhosts-esxi-servers-encrypted-with-new-sexi-ransomware/",
"https://www.darkreading.com/threat-intelligence/sexi-ransomware-desires-vmware-hypervisors"
]
},
"uuid": "1bd2034f-a135-4c71-b08f-867b7f9e7998",
"value": "SEXi"
} }
], ],
"version": 310 "version": 310