[ MALWARE MUTEX INTELLIGENCE DATABASE ]
 ███████╗██╗   ██╗██╗██╗         ███╗   ███╗██╗   ██╗████████╗███████╗██╗  ██╗
 ██╔════╝██║   ██║██║██║         ████╗ ████║██║   ██║╚══██╔══╝██╔════╝╚██╗██╔╝
█████╗  ██║   ██║██║██║         ██╔████╔██║██║   ██║   ██║   █████╗   ╚███╔╝
██╔══╝  ╚██╗ ██╔╝██║██║         ██║╚██╔╝██║██║   ██║   ██║   ██╔══╝   ██╔██╗
 ███████╗ ╚████╔╝ ██║███████╗    ██║ ╚═╝ ██║╚██████╔╝   ██║   ███████╗██╔╝ ██╗
 ╚══════╝  ╚═══╝  ╚═╝╚══════╝    ╚═╝     ╚═╝ ╚═════╝    ╚═╝   ╚══════╝╚═╝  ╚═╝

Advanced Malware Analysis & Threat Intelligence

06:17:11
[ALL_FAMILIES]

Nefilim

ransomware2 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:
Nefilim
CATEGORY:
RANSOMWARE
DESCRIPTION:
Nefilim is a ransomware family that emerged around March 2020. It is known for its double extortion tactics, exfiltrating sensitive data from victims and threatening to publish it if the ransom is not paid.
ALIASES:
Nefilim-RansomwareRANSOM.WIN32.NEFILIM.G
TAGS:
file_encryptiondata_exfiltrationdouble_extortion

[MUTEX_SIGNATURES](2)

[MUTEX_01]
ONA MOYA ROZA I YA EE LUBLUUUUUUUU, ONA MOYA DOZA - SEGODNYA ZATYANU
ANALYST: @adhikara13 DATE: 2024-08-01
REFERENCES:
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.nefilim.g
[MUTEX_02]
Den'gi plyvut v karmany rekoy. My khodim po krayu nozha...
ANALYST: @adhikara13 DATE: 2026-02-27
REFERENCES:
https://blog.qualys.com/vulnerabilities-threat-research/2021/05/12/nefilim-ransomware

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:
Unknown
FIRST_OBSERVED:
2020

[SIGMA_RULE]

[STATISTICS]
MUTEX_COUNT:2
THREAT_ACTORS:1
ALIASES:2
TAGS:3
CATEGORY:RANSOMWARE
 Malware profile loaded successfully 
 EvilMutex Project v1.0.0 
 Open Source Threat Intelligence Database 
[GITHUB][DOCS]