Execution (TA0002) | Defense Evasion (TA0005) | Discovery (TA0007) | Impact (TA0040) |
---|---|---|---|
User Execution (T1204.002) Executes a malicious file on the victim's system. |
Impair Defenses: Disable or Modify Tools (T1562.001) Disables Windows Defender (if it is running). |
File and Directory Discovery (T1083) The ransomware enumerates directories to encrypt files. |
Data Encrypted for Impact (T1486) The ransomware uses data encryption to extort the victim. |
Indicator Removal: File Deletion (T1070.004) The ransomware self-deletes after execution. |
This information is provided by Crocodyli or Ransomware.live