Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1486 | Data Encrypted for Impact |
Moneybird targets a common set of file types such as documents, certificates, and database files for encryption while avoiding executable, dynamic linked libraries, and similar items.[1] |
|
Enterprise | T1027 | .009 | Obfuscated Files or Information: Embedded Payloads |
Moneybird contains a configuration blob embedded in the malware itself.[1] |
ID | Name | References |
---|---|---|
G1030 | Agrius |
Moneybird is associated with ransomware operations launched by Agrius.[1] |