Created: 28 December 2020
Last Modified: 29 December 2020
|Enterprise||T1087||.002||Account Discovery: Domain Account|
|Enterprise||T1482||Domain Trust Discovery|
|Enterprise||T1069||.002||Permission Groups Discovery: Domain Groups|
|Enterprise||T1018||Remote System Discovery|
|Enterprise||T1016||System Network Configuration Discovery|
Groups That Use This Software
- Brian Donohue, Katie Nickels, Paul Michaud, Adina Bodkins, Taylor Chapman, Tony Lambert, Jeff Felling, Kyle Rainey, Mike Haag, Matt Graeber, Aaron Didier.. (2020, October 29). A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak. Retrieved October 30, 2020.
- McKeague, B. et al. (2019, April 5). Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware. Retrieved April 17, 2019.
- Goody, K., et al (2019, January 11). A Nasty Trick: From Credential Theft Malware to Business Disruption. Retrieved May 12, 2020.
- The DFIR Report. (2020, October 8). Ryuk’s Return. Retrieved October 9, 2020.
- The DFIR Report. (2020, November 5). Ryuk Speed Run, 2 Hours to Ransom. Retrieved November 6, 2020.
- Symantec. (2020, November 17). Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign. Retrieved December 17, 2020.
- MSTIC. (2020, December 18). Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers . Retrieved January 5, 2021.