MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

[threat-actors] Add SEXi

pull/985/head
Mathieu4141 2024-06-06 01:27:07 -07:00
parent b5f257c4e1
commit 7ade514644
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
clusters/threat-actor.json
View File

@ -16056,6 +16056,18 @@
},
"uuid": "1dcbad05-c5b7-4ec3-8920-45f396554f7a",
"value": "FlyingYeti"
},
{
"description": "SEXi is a ransomware group that targets VMware ESXi servers, encrypting data and demanding ransom payments. They have been observed encrypting virtual machines and backups, causing significant disruptions to services. The group's name is a play on the word \"ESXi,\" indicating a deliberate focus on these systems. SEXi has been linked to other ransomware variants based on the Babuk source code.",
"meta": {
"refs": [
"https://www.cybersecurity-insiders.com/proven-data-restores-powerhosts-vmware-backups-after-sexi-ransomware-attack/",
"https://heimdalsecurity.com/blog/powerhosts-esxi-servers-encrypted-with-new-sexi-ransomware/",
"https://www.darkreading.com/threat-intelligence/sexi-ransomware-desires-vmware-hypervisors"
]
},
"uuid": "1bd2034f-a135-4c71-b08f-867b7f9e7998",
"value": "SEXi"
}
],
"version": 310