{
	"id": "2b8492da-64e3-44fd-adfc-f4ab31929978",
	"created_at": "2026-04-06T01:31:31.375197Z",
	"updated_at": "2026-04-10T03:21:05.772642Z",
	"deleted_at": null,
	"sha1_hash": "c13c442afa90957e6cbb143a0ebc91fb29debb4b",
	"title": "Defray (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28567,
	"plain_text": "Defray (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-06 01:06:31 UTC\r\nDefray is ransomware that appeared in 2017, and is targeted ransomware, mainly on the healthcare vertical.\r\nThe distribution of Defray has several notable characteristics:\r\nAccording to Proofpoint:\r\n\"\r\nDefray is currently being spread via Microsoft Word document attachments in email\r\nThe campaigns are as small as several messages each\r\nThe lures are custom crafted to appeal to the intended set of potential victims\r\nThe recipients are individuals or distribution lists, e.g., group@ and websupport@\r\nGeographic targeting is in the UK and US\r\nVertical targeting varies by campaign and is narrow and selective\r\n\"\r\n[TLP:WHITE] win_defray_auto (20251219 | Detects win.defray.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.defray\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.defray\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.defray"
	],
	"report_names": [
		"win.defray"
	],
	"threat_actors": [],
	"ts_created_at": 1775439091,
	"ts_updated_at": 1775791265,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c13c442afa90957e6cbb143a0ebc91fb29debb4b.pdf",
		"text": "https://archive.orkl.eu/c13c442afa90957e6cbb143a0ebc91fb29debb4b.txt",
		"img": "https://archive.orkl.eu/c13c442afa90957e6cbb143a0ebc91fb29debb4b.jpg"
	}
}