Cheerscrypt - S1096 (5d3fa1db-5041-4560-b87b-8f61cc225c52)

Cheerscrypt is ransomware that was developed by Cinnamon Tempest and has been used in attacks against ESXi and Windows environments since at least 2022. Cheerscrypt was derived from the leaked Babuk source code and has infrastructure overlaps with deployments of Night Sky ransomware, which was also derived from Babuk. (Citation: Sygnia Emperor Dragonfly October 2022) (Citation: Trend Micro Cheerscrypt May 2022)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Cheerscrypt - S1096 (5d3fa1db-5041-4560-b87b-8f61cc225c52) | Malware | Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | 1 |
| Cheerscrypt - S1096 (5d3fa1db-5041-4560-b87b-8f61cc225c52) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1 |
| Cheerscrypt - S1096 (5d3fa1db-5041-4560-b87b-8f61cc225c52) | Malware | Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) | Attack Pattern | 1 |