From fc2cb9e253da66bc412c84808015903e64dd4ab8 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Fri, 17 Nov 2023 02:59:57 -0800
Subject: [PATCH] [threat-actors] Add DefrayX

---
 clusters/threat-actor.json | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 8ead5ee..1a9539b 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13221,6 +13221,21 @@
       },
       "uuid": "4c4a8cb7-b4c4-4637-8e41-dfe19a6b40c7",
       "value": "NewsPenguin"
+    },
+    {
+      "description": "DefrayX is a threat actor group known for their RansomExx ransomware operations. They primarily target Linux operating systems, but also release versions for Windows. The group has been active since 2018 and has targeted various sectors, including healthcare and manufacturing. They have also developed other malware strains such as PyXie RAT, Vatet loader, and Defray ransomware.",
+      "meta": {
+        "refs": [
+          "https://securityaffairs.co/wordpress/138933/malware/ransomexx-ransomware-rust-language.html",
+          "https://research.checkpoint.com/2022/28th-november-threat-intelligence-report/",
+          "https://securityintelligence.com/posts/ransomexx-upgrades-rust/"
+        ],
+        "synonyms": [
+          "Hive0091"
+        ]
+      },
+      "uuid": "9c102b55-29ea-4d90-9b36-33ba42f65d79",
+      "value": "DefrayX"
     }
   ],
   "version": 294