Threat Group Cards: A Threat Actor Encyclopedia

Archived: 2026-04-06 03:09:55 UTC

Tool: Defray777

Names:
- Defray777
- Defray
- Defray 2018
- Target777
- Ransom X
- RansomExx
- Glushkov

Category: Malware

Type: Ransomware, Big Game Hunting

Description: (Palo Alto) Defray777 is an elusive family of ransomware also known as Ransom X and RansomExx. Although it has recently been covered in the news as a new family, it has been in use since at least 2018 and is responsible for a number of high-profile ransomware incidents -- as detailed in the articles we linked to. Defray777 runs entirely in memory, which is why there have been so few publicly discussed samples to date. In several recent incidents, Defray777 was loaded into memory and executed by Cobalt Strike, which was delivered by the Vatet loader.

Information: Malpedia, AlienVault OTX

Last change to this tool card: 28 December 2022

All groups using tool Defray777

APT groups:
- Name: Sprite Spider, Gold Dupont
  Country: [Unknown]
  Observed: 2015-Nov 2022

1 group listed (1 APT, 0 other, 0 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ec6a3a6f-e491-4831-a92f-7fd13b93331f