Register to stream ATT&CKcon 2.0 October 29-30


SamSam is ransomware that appeared in early 2016. Unlike some ransomware, its variants have required operators to manually interact with the malware to execute some of its core components.[1][2][3][4]

ID: S0370
Associated Software: Samas
Platforms: Windows
Version: 1.0

Associated Software Descriptions

Name Description
Samas [1]

Techniques Used

Domain ID Name Use
Enterprise T1009 Binary Padding SamSam has used garbage code to pad some of its malware components. [3]
Enterprise T1486 Data Encrypted for Impact SamSam encrypts victim files using RSA-2048 encryption and demands a ransom be paid in Bitcoin to decrypt those files. [3]
Enterprise T1107 File Deletion SamSam has been seen deleting its own files and payloads to make analysis of the attack more difficult. [3]
Enterprise T1027 Obfuscated Files or Information SamSam has been seen using AES or DES to encrypt payloads and payload components. [3] [2]
Enterprise T1064 Scripting SamSam uses custom batch scripts to execute some of its components. [3]