Threat Actor Profile
Low
Cybercriminal
Description
Nemty is a ransomware that was discovered in September 2019. Fortinet states that they found it being distributed through similar ways as Sodinokibi and also noted artfifacts they had seen before in Gandcrab.
Confidence Score
Tags
ransomware
ransomware.live
First Seen
Unknown
Last Updated
Unknown
Active Status
ActiveCreated
April 29, 2026
Indicators of Compromise
Loading IOCs…
IOC KQL for Sentinel
STIX Data
{'added_date': None,
'client': '2003264@sit.singaporetech.edu.sg',
'description': 'Nemty is a ransomware that was discovered in September 2019. '
'Fortinet states that they found it being distributed through '
'similar ways as Sodinokibi and also noted artfifacts they had '
'seen before in Gandcrab.\n',
'firstseen': None,
'group': 'nemty',
'has_negotiations': False,
'has_ransomnote': True,
'lastseen': None,
'locations': [{'available': False,
'fqdn': 'zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion',
'slug': 'http://zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion',
'title': '',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 3,
'tiaras_metadata': {'has_negotiations': False,
'has_ransomnote': True,
'locations': [{'available': False,
'fqdn': 'zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion',
'slug': 'http://zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion',
'title': '',
'type': 'DLS'}],
'negotiation_count': 0,
'ransomnotes_count': 3,
'ransomware_live_group': 'nemty',
'tools': {},
'url': 'https://www.ransomware.live/group/nemty',
'victims': 0,
'vulnerabilities': []},
'tiaras_source': 'ransomware.live',
'tools': {},
'ttps': [],
'url': 'https://www.ransomware.live/group/nemty',
'victims': 0,
'vulnerabilities': []}