Windows Processes Killed By Industroyer2 Malware
Service Stop
Impact
Linux Stop Services
Service Stop
Linux Shred Overwrite Command
Data Destruction
Linux High Frequency Of File Deletion In Boot Folder
Data Destruction , File Deletion , Indicator Removal on Host
Linux Disable Services
Service Stop
Linux Deleting Critical Directory Using RM Command
Data Destruction
Linux High Frequency Of File Deletion In Etc Folder
Data Destruction , File Deletion , Indicator Removal on Host
Linux Deletion of SSL Certificate
Data Destruction , File Deletion , Indicator Removal on Host
Linux deletion Of SSH Key
Data Destruction , File Deletion , Indicator Removal on Host
Linux deletion Of SSH Hash Conf
Data Destruction , File Deletion , Indicator Removal on Host
Linux Deletion Of Services
Data Destruction , File Deletion , Indicator Removal on Host
Linux Deletion Of Init Daemon Script
Data Destruction , File Deletion , Indicator Removal on Host
Linux Deletion Of Cron Jobs
Data Destruction , File Deletion , Indicator Removal on Host
Linux Account Manipulation Of SSH Config and Keys
Data Destruction , File Deletion , Indicator Removal on Host
Splunk DoS via Malformed S2S Request
Network Denial of Service
Windows Raw Access To Disk Volume Partition
Disk Structure Wipe , Disk Wipe
Windows Raw Access To Disk Volume Partition
Disk Structure Wipe , Disk Wipe
Windows File Without Extension In Critical Folder
Data Destruction
Windows Disable Memory Crash Dump
Data Destruction
Windows Raw Access To Master Boot Record Drive
Disk Structure Wipe , Disk Wipe
Windows Raw Access To Master Boot Record Drive
Disk Structure Wipe , Disk Wipe
Linux DD File Overwrite
Data Destruction
Disabling SystemRestore In Registry
Inhibit System Recovery
Excessive File Deletion In WinDefender Folder
Data Destruction
WBAdmin Delete System Backups
Inhibit System Recovery
High File Deletion Frequency
Data Destruction
BCDEdit Failure Recovery Modification
Inhibit System Recovery
Resize Shadowstorage Volume
Service Stop
Disable Net User Account
Service Stop, Valid Accounts
Delete A Net User
Account Access Removal
Attempt To Disable Services
Service Stop
Attempt To Delete Services
Service Stop, Create or Modify System Process, Windows Service
Windows DiskCryptor Usage
Data Encrypted for Impact
Sdelete Application Execution
Data Destruction, File Deletion, Indicator Removal on Host
Sdelete Application Execution
Data Destruction , File Deletion , Indicator Removal on Host
Change To Safe Mode With Network Config
Inhibit System Recovery
Bcdedit Command Back To Normal Mode Boot
Inhibit System Recovery
Prevent Automatic Repair Mode using Bcdedit
Inhibit System Recovery
Known Services Killed by Ransomware
Inhibit System Recovery
Modification Of Wallpaper
Defacement
Delete ShadowCopy With PowerShell
Inhibit System Recovery
Excessive Usage Of Net App
Account Access Removal
Excessive Service Stop Attempt
Service Stop
Excessive Attempt To Disable Services
Service Stop
Disabling Net User Account
Account Access Removal
Deleting Of Net Users
Account Access Removal
Windows High File Deletion Frequency
Data Destruction
High Process Termination Frequency
Data Encrypted for Impact
Resize ShadowStorage volume
Inhibit System Recovery
Ransomware Notes bulk creation
Data Encrypted for Impact
WBAdmin Delete System Backups
Inhibit System Recovery
AWS Detect Users with KMS keys performing encryption S3
Data Encrypted for Impact
AWS Detect Users creating keys with encrypt policy without MFA
Data Encrypted for Impact
BCDEdit Failure Recovery Modification
Inhibit System Recovery
Deleting Shadow Copies
Inhibit System Recovery
Common Ransomware Notes
Data Destruction
Common Ransomware Extensions
Data Destruction
Windows Security Account Manager Stopped
Service Stop
Ryuk Test Files Detected
Data Encrypted for Impact
Detect Traffic Mirroring
Hardware Additions , Automated Exfiltration , Network Denial of Service , Traffic Duplication
Detect Port Security Violation
Hardware Additions , Network Denial of Service , Adversary-in-the-Middle , ARP Cache Poisoning
Detect IPv6 Network Infrastructure Threats
Hardware Additions , Network Denial of Service , Adversary-in-the-Middle , ARP Cache Poisoning
Detect Rogue DHCP Server
Hardware Additions , Network Denial of Service , Adversary-in-the-Middle
Detect ARP Poisoning
Hardware Additions , Network Denial of Service , Adversary-in-the-Middle , ARP Cache Poisoning
Samsam Test File Write
Data Encrypted for Impact
Large Volume of DNS ANY Queries
Network Denial of Service , Reflection Amplification
Large Volume of DNS ANY Queries
Network Denial of Service , Reflection Amplification