SamSam
Associated Software Descriptions |
|
Name | Description |
---|---|
Samas | (Citation: US-CERT SamSam 2018) |
Techniques Used |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
SamSam uses custom batch scripts to execute some of its components.(Citation: Sophos SamSam Apr 2018) |
Enterprise | T1070 | .004 | Indicator Removal: File Deletion |
SamSam has been seen deleting its own files and payloads to make analysis of the attack more difficult.(Citation: Sophos SamSam Apr 2018) |
Enterprise | T1027 | .001 | Obfuscated Files or Information: Binary Padding |
SamSam has used garbage code to pad some of its malware components.(Citation: Sophos SamSam Apr 2018) |
.013 | Obfuscated Files or Information: Encrypted/Encoded File |
SamSam has been seen using AES or DES to encrypt payloads and payload components.(Citation: Sophos SamSam Apr 2018)(Citation: Talos SamSam Jan 2018) |
References
- Palotay, D. and Mackenzie, P. (2018, April). SamSam Ransomware Chooses Its Targets Carefully. Retrieved April 15, 2019.
- Symantec Security Response Attack Investigation Team. (2018, October 30). SamSam: Targeted Ransomware Attacks Continue. Retrieved April 16, 2019.
- US-CERT. (2018, December 3). Alert (AA18-337A): SamSam Ransomware. Retrieved March 15, 2019.
- Ventura, V. (2018, January 22). SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks. Retrieved April 16, 2019.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.