🎯 ATT&CK Techniques Matrix

🎭 Ransomware Groups
8base, Akira, alphv, BianLian, BlackBasta, BlackSuit, BrainCipher, cactus, Clop, Crosslock, Cuba, DoNex, DragonForce, hunters, Medusa, ransomhub, Royal, SafePay, ThreeAM
This information is provided by Crocodyli & Ransomware.live
Techniques are grouped by ATT&CK tactic (the matrix columns). Technique and sub-technique names follow the current MITRE ATT&CK Enterprise naming; where a listed ID and name disagreed, the entry is filed under the ID that matches the name. Entries that recur across tactics (for example T1053 Scheduled Task/Job) are listed under each tactic ATT&CK assigns them to.

Execution
T1047  Windows Management Instrumentation
T1053  Scheduled Task/Job
T1053.005  Scheduled Task/Job: Scheduled Task
T1059  Command and Scripting Interpreter
T1059.001  Command and Scripting Interpreter: PowerShell
T1059.003  Command and Scripting Interpreter: Windows Command Shell
T1064  Scripting (deprecated in ATT&CK; superseded by T1059)
T1072  Software Deployment Tools
T1106  Native API
T1129  Shared Modules
T1204  User Execution
T1204.002  User Execution: Malicious File
T1569.002  System Services: Service Execution

Persistence
T1053  Scheduled Task/Job
T1078  Valid Accounts
T1098  Account Manipulation
T1133  External Remote Services
T1136  Create Account
T1136.001  Create Account: Local Account
T1136.002  Create Account: Domain Account
T1505  Server Software Component
T1543.003  Create or Modify System Process: Windows Service
T1547  Boot or Logon Autostart Execution
T1547.001  Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1574.001  Hijack Execution Flow: DLL Search Order Hijacking

Privilege Escalation
T1053  Scheduled Task/Job
T1068  Exploitation for Privilege Escalation
T1078  Valid Accounts
T1078.002  Valid Accounts: Domain Accounts
T1134.001  Access Token Manipulation: Token Impersonation/Theft
T1134.002  Access Token Manipulation: Create Process with Token
T1484.001  Domain Policy Modification: Group Policy Modification
T1543.003  Create or Modify System Process: Windows Service
T1547  Boot or Logon Autostart Execution
T1547.001  Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1548  Abuse Elevation Control Mechanism
T1548.002  Abuse Elevation Control Mechanism: Bypass User Account Control
T1574  Hijack Execution Flow
T1574.001  Hijack Execution Flow: DLL Search Order Hijacking

Defense Evasion
T1027  Obfuscated Files or Information
T1027.002  Obfuscated Files or Information: Software Packing
T1027.005  Obfuscated Files or Information: Indicator Removal from Tools
T1027.006  Obfuscated Files or Information: HTML Smuggling
T1027.009  Obfuscated Files or Information: Embedded Payloads
T1036  Masquerading
T1036.001  Masquerading: Invalid Code Signature
T1036.005  Masquerading: Match Legitimate Name or Location
T1055  Process Injection
T1055.001  Process Injection: Dynamic-link Library Injection
T1064  Scripting (deprecated in ATT&CK; superseded by T1059)
T1070  Indicator Removal
T1070.001  Indicator Removal: Clear Windows Event Logs
T1070.004  Indicator Removal: File Deletion
T1078.002  Valid Accounts: Domain Accounts
T1112  Modify Registry
T1140  Deobfuscate/Decode Files or Information
T1202  Indirect Command Execution
T1222  File and Directory Permissions Modification
T1484.001  Domain Policy Modification: Group Policy Modification
T1497  Virtualization/Sandbox Evasion
T1548  Abuse Elevation Control Mechanism
T1562  Impair Defenses
T1562.001  Impair Defenses: Disable or Modify Tools
T1562.004  Impair Defenses: Disable or Modify System Firewall
T1562.009  Impair Defenses: Safe Mode Boot
T1564.001  Hide Artifacts: Hidden Files and Directories
T1564.003  Hide Artifacts: Hidden Window

Credential Access
T1003.001  OS Credential Dumping: LSASS Memory
T1056  Input Capture
T1110  Brute Force
T1212  Exploitation for Credential Access
T1552  Unsecured Credentials
T1555  Credentials from Password Stores
T1555.003  Credentials from Password Stores: Credentials from Web Browsers

Discovery
T1007  System Service Discovery
T1010  Application Window Discovery
T1012  Query Registry
T1016  System Network Configuration Discovery
T1016.001  System Network Configuration Discovery: Internet Connection Discovery
T1018  Remote System Discovery
T1049  System Network Connections Discovery
T1057  Process Discovery
T1082  System Information Discovery
T1083  File and Directory Discovery
T1087  Account Discovery
T1087.001  Account Discovery: Local Account
T1087.002  Account Discovery: Domain Account
T1120  Peripheral Device Discovery
T1124  System Time Discovery
T1135  Network Share Discovery
T1482  Domain Trust Discovery
T1497  Virtualization/Sandbox Evasion
T1518.001  Software Discovery: Security Software Discovery
T1615  Group Policy Discovery

Lateral Movement
T1021  Remote Services
T1021.001  Remote Services: Remote Desktop Protocol
T1021.002  Remote Services: SMB/Windows Admin Shares
T1021.004  Remote Services: SSH
T1080  Taint Shared Content
T1091  Replication Through Removable Media
T1550.002  Use Alternate Authentication Material: Pass the Hash
T1570  Lateral Tool Transfer

Collection
T1005  Data from Local System
T1056  Input Capture
T1074  Data Staged
T1119  Automated Collection
T1560  Archive Collected Data
T1560.001  Archive Collected Data: Archive via Utility

Impact
T1485  Data Destruction
T1486  Data Encrypted for Impact
T1489  Service Stop
T1490  Inhibit System Recovery
T1498  Network Denial of Service