Tactics, Techniques and Procedures for  Dragonforce



Sponsored by Hudson RockUse Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are impacting your business

Execution (TA0002) Defense Evasion (TA0005) Discovery (TA0007) Impact (TA0040)
User Execution (T1204.002)
Executes a malicious file on the victim's system.
Impair Defenses: Disable or Modify Tools (T1562.001)
Disables Windows Defender (if it is running).
File and Directory Discovery (T1083)
The ransomware enumerates directories to encrypt files.
Data Encrypted for Impact (T1486)
The ransomware uses data encryption to extort the victim.
Indicator Removal: File Deletion (T1070.004)
The ransomware self-deletes after execution.

This information is provided by Crocodyli or Ransomware.live