
ransomexx

5 incidents, 2 countries, 3 sectors, ransomware. Latest: 2026-06-25
Aliases: Defray 2018, Ransom X, Defray777, Defray, Defray-777
RansomEXX is a financially motivated ransomware group that debuted as Defray777 in 2018, gaining prominence in 2020 after rebranding to RansomEXX and engaging in high-profile attacks. The group operates a double extortion model, exfiltrating sensitive data before encrypting files and threatening public release if ransom demands are not met. RansomEXX distinguishes itself through its targeted, human-operated attacks on high-value organizations and its development of both Windows and Linux variants of its ransomware, a capability that expanded in mid-2020. More recently, the group has adopted the Rust programming language for new ransomware variants, which aids in evading traditional antivirus detection. RansomEXX is also known by the aliases Defray, Defray777, and Ransom X, and is linked to the threat group Gold Dupont.
Associated malware
win.webmonitor, Smoke Loader, Ransom:Win32/WannaCrypt, win.ratel, win.simda, Smoke Loader
MITRE techniques
T1555.003, T1573, T1210, T1046, T1453, T1562.003
Related CVEs
CVE-2023-4966, CVE-2023-36884, CVE-2023-23397, CVE-2023-22518, CVE-2022-26134, CVE-2017-8464

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Victims: 4
Unique TTPs: 1
Historical stolen data: 2.06 GB
Ransoms claimed: N/A
Payments detected: N/A

Observed TTPs

T1566 Phishing

Affected countries

Japan (2), Vietnam (2)

Target countries (SOCRadar)

United Arab Emirates; Argentina; Austria; Australia; Barbados; Bangladesh; Bolivia, Plurinational State of; Brazil; Canada; Chile

Attacked sectors

Business Services (2), Hospitality and Tourism (1), Hospitality (1)

Target sectors (SOCRadar)

Construction of Buildings, Other Information Services, Monetary Authorities-Central Bank, Rail Transportation, Software Publishers, Real Estate, Enterprises & Holding, Accommodation, Air Transportation, Manufacturing

New URLs detected in IntelTracker

ransomware.anggipradana.com rnsm777cdsjrsdlbs4v5qoeppu3px6sb2igmh53jzrx7ipcrbjz5b2ad.onion

Victims (4)

Go2Joy (go2joy.vn), 20 Jun 2026
Ransomware Vietnam Hospitality and Tourism
Summary: A ransomware alert related to the RansomExx group has been reported, which has exposed sensitive data from the Go2Joy platform, a site…
Ransomware Victim: Go2Joy (go2joy.vn) (ransomexx), 20 Jun 2026
Ransomware Vietnam Hospitality
Go2Joy (go2joy.vn): Ransomware victim reported on the ransomexx dashboard. Field / Value: Group: ransomexx; Country: VN; Sector: Hospitality and Tourism; Date: 2…
SOGO Auction, 17 Apr 2026
Ransomware Japan Business Services
Summary: The ransomware incident related to SOGO Auction has revealed a significant data security breach. According to reports, …
GoTip, 16 Apr 2026
Ransomware Japan Business Services
Summary: GoTip is a Japanese streaming software that allows viewers to send digital donations to live creators, triggering actions …