Куда я попал?
Cheerscrypt
Cheerscrypt is a ransomware that was developed by Cinnamon Tempest and has been used in attacks against ESXi and Windows environments since at least 2022. Cheerscrypt was derived from the leaked Babuk source code and has infrastructure overlaps with deployments of Night Sky ransomware, which was also derived from Babuk.(Citation: Sygnia Emperor Dragonfly October 2022)(Citation: Trend Micro Cheerscrypt May 2022)
ID: S1096
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 18 Dec 2023
Last Modified: 15 Apr 2025
Techniques Used |
||||
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1059 | .012 | Command and Scripting Interpreter: Hypervisor CLI |
Cheerscrypt has leveraged `esxcli` in order to terminate running virtual machines.(Citation: Trend Micro Cheerscrypt May 2022) |
Groups That Use This Software |
||
| ID | Name | References |
|---|---|---|
| G1021 | Cinnamon Tempest |
(Citation: Sygnia Emperor Dragonfly October 2022) (Citation: Trend Micro Cheerscrypt May 2022) |
References
- Biderman, O. et al. (2022, October 3). REVEALING EMPEROR DRAGONFLY: NIGHT SKY AND CHEERSCRYPT - A SINGLE RANSOMWARE GROUP. Retrieved December 6, 2023.
- Dela Cruz, A. et al. (2022, May 25). New Linux-Based Ransomware Cheerscrypt Targeting ESXi Devices Linked to Leaked Babuk Source Code. Retrieved December 19, 2023.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.