LockerGoga
Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1562.001 | Impair Defenses: Disable or Modify Tools | LockerGoga installation has been immediately preceded by a "task kill" command in order to disable anti-virus.(Citation: Wired Lockergoga 2019) |
| Enterprise | T1070.004 | Indicator Removal: File Deletion | LockerGoga has been observed deleting its original launcher after execution.(Citation: CarbonBlack LockerGoga 2019) |
| Enterprise | T1553.002 | Subvert Trust Controls: Code Signing | LockerGoga has been signed with stolen certificates in order to make it look more legitimate.(Citation: Wired Lockergoga 2019) |
References
- CarbonBlack Threat Analysis Unit. (2019, March 22). TAU Threat Intelligence Notification – LockerGoga Ransomware. Retrieved April 16, 2019.
- Harbison, M. (2019, March 26). Born This Way? Origins of LockerGoga. Retrieved April 16, 2019.
- McKeague, B. et al. (2019, April 5). Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware. Retrieved April 17, 2019.
- Greenberg, A. (2019, March 25). A Guide to LockerGoga, the Ransomware Crippling Industrial Firms. Retrieved July 17, 2019.