MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2025-01-18 10:36:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

add ttp for 8base ransomware

Browse source
This commit is contained in:
Delta-Sierra 2024-12-13 14:41:27 +01:00
parent 02810e7638
commit d5e2c8ce9d
1 changed files with 244 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

244
clusters/ransomware.json
View file

@ -28688,8 +28688,252 @@
],
"refs": [
"https://www.ransomlook.io/group/8base"
],
"ttp": [
"Scheduled Task/Job - T1053",
"Command and Scripting Interpreter - T1059",
"Shared Modules - T1129",
"Boot or Logon Autostart Execution - T1547",
"Registry Run Keys / Startup Folder - T1547.001",
"Token Impersonation/Theft - T1134.001",
"Obfuscated Files or Information - T1027",
"Software Packing - T1027.002",
"Modify Registry - T1112",
"Indirect Command Execution - T1202",
"Masquerading - T1036",
"Hidden Files and Directories - T1564.001",
"File Deletion - T1070.004",
"Virtualization/Sandbox Evasion - T1497",
"Disable or Modify Tools - T1562.001",
"OS Credential Dumping - T1003",
"Input Capture - T1056",
"Process Discovery - T1057",
"Network Share Discovery - T1135",
"System Information Discovery - T1082",
"File and Directory Discovery - T1083",
"Virtualization/Sandbox Evasion - T1497",
"Security Software Discovery - T1518.001",
"Taint Shared Content - T1080",
"Data from Local System - T1005",
"Data Staged - T1074",
"Input Capture - T1056",
"Inhibit System Recovery - T1490",
"Data Encrypted for Impact - T1486",
"Data Destruction - T1485"
]
},
"related": [
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "3b0e52ce-517a-4614-a523-1bd5deef6c5e",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
},
{
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
"tags": [
"estimative-language:likelihood-probability=\"very-likely\""
],
"type": "uses"
}
],
"uuid": "1cc6ada3-a632-54a4-9df1-f41287e3f566",
"value": "8base"
},