ESXiArgs

Malware Profile Updated 3 months ago
ESXiArgs is a form of malware, specifically a ransomware strain that targets specific vulnerabilities in computer systems. Ransomware is malicious software designed to block access to a computer system until a sum of money is paid. ESXiArgs is one of many threats developed from the leaked Babuk source code, which has spawned multiple ransomware strains including Rook, Night Sky, Pandora, Cheerscrypt, AstraLocker, Rorschach, RTM Locker, and RA Group. These strains exploit different vulnerabilities and are designed to cause maximum disruption and damage.

According to the Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), approximately 3800 servers worldwide have been compromised by ESXiArgs. As its name suggests, this strain primarily targets VMware ESXi hypervisors, a platform that allows multiple operating systems to run simultaneously on a single host computer. The widespread impact of ESXiArgs underscores the significant threat posed by this type of malware.

Several notable descendants of the Babuk code have emerged, each exploiting different vulnerabilities. For instance, the Nokoyawa strain exploited a Windows Common Log File System zero-day vulnerability, while the Rorschach strain borrowed from various other ransomware families, confounding researchers when it first appeared in April 2023. The emergence of these varied strains highlights the adaptability of ransomware threats and the ongoing need for robust cybersecurity measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Nokoyawa | 1 | Nokoyawa is a notorious malware, particularly known for its ransomware capabilities. It has been associated with various other malicious software including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Exploit
Ransomware
CISA
Windows
Zero Day
Associated Malware
ID | Type | Votes | Profile Description
Rorschach | Unspecified | 1 | Rorschach, also known as BabLock, is a malware variant that has been recognized for its speed and sophistication. It is a form of ransomware that encrypts files on infected systems at an unprecedented rate, with Check Point researchers noting it as one of the fastest ransomware variants ever observe
Babuk | Unspecified | 1 | Babuk is a type of malware, specifically ransomware, which is designed to infiltrate systems and hold data hostage for ransom. It can be delivered through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside a system, Babuk can disrupt operations and steal perso
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the ESXiArgs malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | a year ago | New ransomware gang RA Group quickly expanding operations
CERT-EU | 7 months ago | Babuk Tortilla ransomware decryptor made available | #ransomware | #cybercrime | National Cyber Security Consulting
Malwarebytes | a year ago | New ESXiArgs encryption routine outmaneuvers recovery methods
CERT-EU | a year ago | VMWare ESXi Servers Targeted by Ransomware Gangs