Tactics, Techniques and Procedures for Crosslock




Tactics covered: Execution (TA0002), Privilege Escalation (TA0004), Defense Evasion (TA0005), Discovery (TA0007), Lateral Movement (TA0008), Impact (TA0040)
Command and Scripting Interpreter (T1059)
Utilizes the Windows Command Shell for execution.
Abuse Elevation Control Mechanism (T1548)
Bypasses User Account Control (UAC) to escalate privileges.
Process Injection (T1055)
Employs process hollowing to evade detection.
System Service Discovery (T1007)
Discovers system services running on the victim's machine.
Remote Services (T1021)
Uses SMB/Windows Admin Shares to move laterally within the network.
Data Encrypted for Impact (T1486)
Encrypts data on the victim's system to extort payment.
Indicator Removal (T1070)
Clears Windows event logs to remove evidence.
Process Discovery (T1057)
Enumerates running processes on the victim's system.
Inhibit System Recovery (T1490)
Deletes volume shadow copies to prevent system recovery.
File and Directory Discovery (T1083)
Enumerates files and directories on the victim's system.

This information is provided by Crocodyli or Ransomware.live