TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Infosecurity Magazine

Iran-Linked APT Posed as Chaos Ransomware Member in Espionage Campaign

10 hours ago

ATT&CK techniques detected

4 predictions
T1486 Data Encrypted for Impact (99%)
Evidence: “tools such as DWAgent or AnyDesk.” The lesson for investigators is to look “beyond overt ransomware indicators” and study the intrusion lifecycle closely, the report concluded. “Ultimately, this activity is best understood as a hybrid intrusion model, in which ransomware is l…”

T1080 Taint Shared Content (91%)
Evidence: same passage as T1486.

T1219 Remote Access Tools (35%)
Evidence: same passage as T1486.

T1219 Remote Access Tools (33%)
Evidence: “discovered several links to previous infrastructure used by MuddyWater including: a code-signing certificate (“Donald Gay”) used to validate the malware samples; the moonzonet[.]com domain, which supported command-and-control (C2) infrastructure; use of Python…”
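The report's advice to look beyond the ransomware payload and at the rest of the intrusion lifecycle amounts to correlating the weaker indicators it names (a commodity remote-access tool such as DWAgent or AnyDesk) with the stronger ones (the “Donald Gay” code-signing subject and the moonzonet[.]com C2 domain) on the same host. The script below is an added example, not code from the article or from Rapid7: it takes only those indicator values from the text, and every host name, file path, timestamp and log record in it is constructed for the demonstration.

```python
"""Indicator correlation over constructed endpoint/DNS telemetry.

Added example, not code from the article or from Rapid7. The indicator values
(the "Donald Gay" code-signing subject, the moonzonet[.]com C2 domain, the
DWAgent and AnyDesk remote-access tools) come from the article text; every
host name, path, timestamp and log record below is constructed.
"""
import ntpath
from collections import defaultdict

# Indicators named in the article. Kept defanged here and refanged at match
# time so a list can be pasted from a report as-is.
SIGNER_SUBJECTS = {"donald gay"}
C2_DOMAINS = {"moonzonet[.]com"}
RAT_IMAGES = {"dwagent.exe", "anydesk.exe"}


def refang(domain):
    """Turn report-style 'example[.]com' back into a resolvable form."""
    return domain.replace("[.]", ".").strip().lower().rstrip(".")


def domain_matches(query):
    """True if the DNS query is a C2 domain or any subdomain of one.
    Suffix-matching on '.' + domain avoids hits on lookalikes such as
    'moonzonet.com.example.org'."""
    q = refang(query)
    return any(q == d or q.endswith("." + d) for d in map(refang, C2_DOMAINS))


def signer_matches(signer):
    """Case-insensitive match on the code-signing certificate subject."""
    return bool(signer) and signer.strip().lower() in SIGNER_SUBJECTS


def rat_matches(image):
    """Match on the executable name; ntpath parses Windows paths on any OS."""
    return ntpath.basename(image).lower() in RAT_IMAGES


def classify(event):
    """Return the indicator classes one event hits: 'rat', 'signer', 'c2'."""
    hits = set()
    if event["type"] == "process":
        if rat_matches(event["image"]):
            hits.add("rat")
        if signer_matches(event.get("signer")):
            hits.add("signer")
    elif event["type"] == "dns" and domain_matches(event["query"]):
        hits.add("c2")
    return hits


def correlate(events):
    """Group hits by host so a weak signal (a RAT on its own) is read together
    with the stronger ones (the report's signer subject or C2 domain)."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= classify(ev)
    return {host: hits for host, hits in per_host.items() if hits}


def flag_hosts(events, min_classes=2):
    """Hosts hitting at least `min_classes` distinct indicator classes. A lone
    AnyDesk install is routine; AnyDesk plus the signer or the C2 domain is not."""
    return sorted(h for h, s in correlate(events).items() if len(s) >= min_classes)


# Constructed sample telemetry (hypothetical hosts, paths and timestamps).
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:12:00Z", "host": "ws-17", "type": "process",
     "image": r"C:\Users\j.doe\AppData\Local\Temp\dwagent.exe", "signer": "Donald Gay"},
    {"ts": "2024-05-01T09:12:04Z", "host": "ws-17", "type": "dns",
     "query": "update.moonzonet.com"},
    {"ts": "2024-05-01T09:15:00Z", "host": "ws-17", "type": "process",
     "image": r"C:\Windows\System32\cmd.exe", "signer": "Microsoft Windows"},
    # Routine helpdesk AnyDesk install: one weak indicator and nothing else.
    {"ts": "2024-05-01T10:00:00Z", "host": "ws-22", "type": "process",
     "image": r"C:\Program Files\AnyDesk\AnyDesk.exe", "signer": "(vendor, constructed)"},
    # Lookup of the C2 apex only; no RAT or signer seen on this host.
    {"ts": "2024-05-01T11:30:00Z", "host": "ws-31", "type": "dns",
     "query": "moonzonet.com"},
]

if __name__ == "__main__":
    for host, classes in sorted(correlate(SAMPLE_EVENTS).items()):
        print(f"{host}: {', '.join(sorted(classes))}")
    print("flagged:", flag_hosts(SAMPLE_EVENTS))
```

Run as-is, it reports ws-17 on all three indicator classes and flags only that host; ws-22 (AnyDesk alone) and ws-31 (a single C2 lookup) stay below the threshold, which is the point of correlating by host rather than alerting on any one indicator.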

Summary

Rapid7 reveals an Iranian false-flag operation masquerading as a Chaos ransomware attack.