
MegaCortex

MegaCortex is ransomware that first appeared in May 2019. (Citation: IBM MegaCortex) MegaCortex has mainly targeted industrial organizations. (Citation: FireEye Ransomware Disrupt Industrial Production)(Citation: FireEye Financial Actors Moving into OT)
ID: S0576
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 17 Feb 2021
Last Modified: 26 Apr 2021

Techniques Used

Domain ID Name Use
Enterprise T1059 .003 Command and Scripting Interpreter: Windows Command Shell

MegaCortex has used .cmd scripts on the victim's system.(Citation: IBM MegaCortex)

Enterprise T1561 .001 Disk Wipe: Disk Content Wipe

MegaCortex can wipe deleted data from all drives using cipher.exe.(Citation: IBM MegaCortex)

Enterprise T1562 .001 Impair Defenses: Disable or Modify Tools

MegaCortex was used to kill endpoint security processes.(Citation: IBM MegaCortex)

Enterprise T1588 .003 Obtain Capabilities: Code Signing Certificates

MegaCortex has used code signing certificates issued to fake companies to bypass security controls.(Citation: IBM MegaCortex)

Enterprise T1055 .001 Process Injection: Dynamic-link Library Injection

MegaCortex loads injecthelper.dll into a newly created rundll32.exe process.(Citation: IBM MegaCortex)

Enterprise T1218 .011 System Binary Proxy Execution: Rundll32

MegaCortex has used rundll32.exe to load a DLL for file encryption.(Citation: IBM MegaCortex)

Enterprise T1497 .001 Virtualization/Sandbox Evasion: System Checks

MegaCortex has checked the number of CPUs in the system to avoid being run in a sandbox or emulator.(Citation: IBM MegaCortex)
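Several of the behaviours listed above leave traces in process-creation telemetry. The Python below is an added example of analyst-side detection logic written for this page; it is not MegaCortex code and is not taken from the IBM or MITRE sources. It scores constructed Sysmon-style process events against heuristics for T1059.003 (a .cmd script run from a user-writable path), T1561.001 (cipher.exe /w free-space wipe), T1562.001 (taskkill aimed at an endpoint-protection process) and T1218.011 (rundll32.exe given a DLL path outside the Windows directories). The event field names, the sample events, the trusted-directory list and the defence-process list are all assumptions. The CPU-count sandbox check (T1497.001) is an in-process API call rather than a command line, so it has no rule here.

```python
"""Added detection example for the MegaCortex behaviours listed above.

Illustrative analyst code, not MegaCortex code and not from IBM or MITRE.
The event shape (a simplified Sysmon Event ID 1 record), the sample events,
the trusted directories and the defence-process list are constructed
assumptions for this example.
"""
import re
import shlex
from pathlib import PureWindowsPath

# Constructed sample process-creation events. The last three are benign.
SAMPLE_EVENTS = [
    {"pid": 101, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c C:\Users\Public\deploy.cmd"},
    {"pid": 102, "image": r"C:\Windows\System32\cipher.exe",
     "cmdline": "cipher.exe /w:C:\\"},
    {"pid": 103, "image": r"C:\Windows\System32\taskkill.exe",
     "cmdline": "taskkill.exe /f /im MsMpEng.exe"},
    {"pid": 104, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\ProgramData\enc.dll,Start"},
    {"pid": 105, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"pid": 106, "image": r"C:\Windows\System32\cipher.exe",
     "cmdline": r"cipher.exe /e C:\Users\bob\secret"},
    {"pid": 107, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c "C:\Program Files\App\update.cmd"'},
]

# Directories a rundll32 DLL argument or a .cmd script is expected to live in;
# anything else is treated as user-writable (assumption for this example).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files")

# Endpoint-protection image names to watch. MsMpEng.exe is Microsoft Defender's
# service process; extend this set from your own estate.
DEFENSE_PROCESSES = {"msmpeng.exe"}


def _basename(path):
    return PureWindowsPath(path).name.lower()


def _args(cmdline):
    # posix=False keeps backslashes literal and quoted paths with spaces intact.
    return shlex.split(cmdline, posix=False)


def rule_cmd_script(ev):
    """T1059.003: cmd.exe launched with a .cmd/.bat script outside trusted dirs."""
    if _basename(ev["image"]) != "cmd.exe":
        return None
    for arg in _args(ev["cmdline"])[1:]:
        script = arg.strip('"').lower()
        # Only absolute paths are judged; a bare script name needs the process cwd.
        if script.endswith((".cmd", ".bat")) and "\\" in script \
                and not script.startswith(TRUSTED_DIRS):
            return f"T1059.003 cmd script from untrusted path {script}"
    return None


def rule_cipher_wipe(ev):
    """T1561.001: cipher.exe /w:<path> overwrites free space, destroying deleted files."""
    if _basename(ev["image"]) != "cipher.exe":
        return None
    if re.search(r"(?i)(?:^|\s)/w:", ev["cmdline"]):
        return "T1561.001 cipher.exe free-space wipe"
    return None


def rule_kill_defense(ev):
    """T1562.001: taskkill aimed at an endpoint-protection process by image name."""
    if _basename(ev["image"]) != "taskkill.exe":
        return None
    for m in re.finditer(r'(?i)/im\s+"?([^\s"]+)', ev["cmdline"]):
        if m.group(1).lower() in DEFENSE_PROCESSES:
            return f"T1562.001 taskkill against {m.group(1).lower()}"
    return None


def rule_rundll32_dll(ev):
    """T1218.011: rundll32.exe given an absolute DLL path outside trusted dirs."""
    if _basename(ev["image"]) != "rundll32.exe":
        return None
    args = _args(ev["cmdline"])
    if len(args) < 2:
        return None
    dll = args[1].split(",")[0].strip('"').lower()
    if "\\" in dll and not dll.startswith(TRUSTED_DIRS):
        return f"T1218.011 rundll32 loading {dll}"
    return None


RULES = (rule_cmd_script, rule_cipher_wipe, rule_kill_defense, rule_rundll32_dll)


def evaluate(events):
    """Map pid -> list of findings for every event that trips at least one rule."""
    findings = {}
    for ev in events:
        hits = [hit for hit in (rule(ev) for rule in RULES) if hit]
        if hits:
            findings[ev["pid"]] = hits
    return findings


def technique_ids(findings):
    """Distinct ATT&CK sub-technique IDs present in a findings map, sorted."""
    return sorted({hit.split()[0] for hits in findings.values() for hit in hits})


if __name__ == "__main__":
    for pid, hits in evaluate(SAMPLE_EVENTS).items():
        print(pid, "; ".join(hits))
```

Each rule is deliberately narrow: cipher /w and taskkill are legitimate administrative commands, so in production these hits should be correlated with parent process, user and timing (several of them from one host within minutes is the pattern that matters) rather than alerted on individually.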