This page is not meant to capture all the details of all cyber attacks; it's merely a reference for me for future use. It allows me to quickly see the most common exploits and understand how the attack spread, which helps inform how to mitigate against those attacks.
A useful site to be aware of is https://www.nomoreransom.org/en/index.html, run by Europol; it details decryption methods for some ransomware.
| Name | Type | Action | Entry Point | MITRE | Exploit Tools | Spread | IOC |
|---|---|---|---|---|---|---|---|
| Pay2Key | Ransomware | Encrypt networks | RDP | T1133 - External Remote Services | PsExec | Once inside a victim's network, the attackers will set up a pivot device that will be used as a proxy for all outgoing communications between the ransomware infected computers and Pay2Key's command-and-control (C2) servers. | Presence of Cobalt.Client.exe to encrypt |