"Storm-1175 exploits flaws in high-velocity Medusa attacks. A prolific cybercrime group has been weaponizing n-day and zero-day exploits in high-tempo Medusa ransomware attacks over the past three years, Microsoft has revealed. Storm-1175 is a financially motivated acto…"
T1587.004 Exploits
67%
"Storm-1175 exploits flaws in high-velocity Medusa attacks. A prolific cybercrime group has been weaponizing n-day and zero-day exploits in high-tempo Medusa ransomware attacks over the past three years, Microsoft has revealed. Storm-1175 is a financially motivated acto…"
T1078 Valid Accounts
59%
"Typical TTPs used by Storm-1175: - The group creates a web shell or drops a remote access payload to establish an initial foothold – moving from initial access to ransomware deployment in one to six days - It establishes persistence by creating a new user and adding that user …"
T1486 Data Encrypted for Impact
52%
"or using antivirus exclusions - removing unapproved RMM installations and adding multi-factor authentication (MFA) to approved ones - configuring XDR tools to prevent common attack techniques used in ransomware attacks"
T1190 Exploit Public-Facing Application
46%
"Storm-1175 exploits flaws in high-velocity Medusa attacks. A prolific cybercrime group has been weaponizing n-day and zero-day exploits in high-tempo Medusa ransomware attacks over the past three years, Microsoft has revealed. Storm-1175 is a financially motivated acto…"
T1136.001 Local Account
46%
"Typical TTPs used by Storm-1175: - The group creates a web shell or drops a remote access payload to establish an initial foothold – moving from initial access to ransomware deployment in one to six days - It establishes persistence by creating a new user and adding that user …"
Summary
Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware.