| Initial Access (TA0001) | Execution (TA0002) | Defense Evasion (TA0005) | Credential Access (TA0006) | Discovery (TA0007) | Lateral Movement (TA0008) | Command and Control (TA0011) |
|---|---|---|---|---|---|---|
| External Remote Services (T1133): Cuba ransomware operators used external remote services for initial access. | Native API (T1106): Cuba ransomware used native API calls to execute malicious behaviors. | Masquerading: Match Legitimate Name or Location (T1036.005): The ransomware used legitimate names or locations to evade detection. | Exploitation for Credential Access (T1212): Cuba ransomware operators exploited vulnerabilities to gain credential access. | Time Discovery (T1124): Cuba ransomware operators performed time discovery on infected systems. | Tool Transfer (T1570): Cuba ransomware operators used tool transfer for lateral movement. | Remote Desktop Protocol (T1219): The operators used Remote Desktop Protocol (RDP) for command and control. |
| Valid Accounts: Local Accounts (T1078.003): Operators leveraged valid local accounts for initial access. | User Execution: Malicious File (T1204.002): Malicious files were used to trick users into executing the ransomware. | Exploitation for Privilege Escalation (T1068): Cuba ransomware exploited vulnerabilities to escalate privileges. | Remote Services: External Remote Services (T1021.002): Remote services were used to gain access to systems during the attack. | Network Share Discovery (T1135): Network shares were enumerated by the ransomware. | External Remote Services (T1333): Operators utilized external remote services to move laterally within the network. | Multi-hop Proxy (T1090.003): Cuba ransomware operators used multi-hop proxies to obfuscate communication. |
| | Command and Scripting Interpreter: PowerShell (T1059.001): Cuba ransomware operators executed PowerShell commands during the attack. | | | Remote System Discovery (T1018): Remote systems were discovered using built-in utilities. | | Application Layer Protocol: DNS (T1071.004): DNS was used as a protocol for command and control communication. |
| | Command and Scripting Interpreter: Windows Command Shell (T1059.003): The Windows Command Shell was used to execute various commands during the attack. | | | File and Directory Discovery (T1083): Files and directories were enumerated during the attack. | | Application Layer Protocol: Web Protocols (T1071.001): Web protocols such as HTTP and HTTPS were used for communication. |
| | System Services: Service Execution (T1569.002): Cuba ransomware was executed using Windows system services. | | | Process Discovery (T1057): Running processes were identified during the attack. | | |
| | | | | Network Configuration Discovery: Network Connection Enumeration (T1016.001): Network connections were enumerated for discovery purposes. | | |
This information is provided by Crocodyli or Ransomware.live