| Execution (TA0002) | Defense Evasion (TA0005) | Discovery (TA0007) | Lateral Movement (TA0008) | Impact (TA0040) |
|---|---|---|---|---|
| User Execution (T1204): An adversary may rely upon specific actions by a user in order to gain execution. | Virtualization/Sandbox Evasion (T1497): Adversaries may employ various means to detect and avoid virtualization and analysis environments. | System Information Discovery (T1082): An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. | Replication Through Removable Media (T1091): Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. | Data Encrypted for Impact (T1486): Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. |
| Command and Scripting Interpreter (T1059): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. | Software Packing (T1027.002): Adversaries may perform software packing or virtual machine software protection to conceal their code. | File and Directory Discovery (T1083): Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. | | |
| | Masquerading (T1036): Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. | Security Software Discovery (T1518.001): Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. | | |
| | | Peripheral Device Discovery (T1120): Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system. | | |

This information is provided by Crocodyli or Ransomware.live