RansomHub
Techniques Used

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1547.001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | RansomHub has created an autorun Registry key through the `-safeboot-instance -pass` command line argument.(Citation: Group-IB RansomHub FEB 2025)
Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | RansomHub can use PowerShell to delete volume shadow copies.(Citation: Group-IB RansomHub FEB 2025)
Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | RansomHub can use `cmd.exe` to execute multiple commands on infected hosts.(Citation: Group-IB RansomHub FEB 2025)
Enterprise | T1491.001 | Defacement: Internal Defacement | RansomHub has placed a ransom note on compromised systems to warn victims and provide directions for how to retrieve data.(Citation: CISA RansomHub AUG 2024)
Enterprise | T1562.009 | Impair Defenses: Safe Mode Boot | RansomHub can reboot targeted systems into Safe Mode prior to encryption.(Citation: Group-IB RansomHub FEB 2025)
Enterprise | T1070.001 | Indicator Removal: Clear Windows Event Logs | RansomHub can delete events from the Security, System, and Application logs.(Citation: Group-IB RansomHub FEB 2025)
Enterprise | T1070.004 | Indicator Removal: File Deletion | RansomHub has the ability to self-delete.(Citation: Group-IB RansomHub FEB 2025)
Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | RansomHub has an encrypted configuration file.(Citation: Group-IB RansomHub FEB 2025)
Enterprise | T1021.002 | Remote Services: SMB/Windows Admin Shares | RansomHub can use credentials provided in its configuration to move laterally from the infected machine over SMBv2.(Citation: Group-IB RansomHub FEB 2025)
Enterprise | T1497.003 | Virtualization/Sandbox Evasion: Time Based Evasion | RansomHub can sleep for a set number of minutes before beginning execution.(Citation: Group-IB RansomHub FEB 2025)