Common Information
Type | Value |
---|---|
Value | Impair Defenses - T1562 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may maliciously modify components of a victim environment in order to hinder or disable defensive mechanisms. This not only involves impairing preventative defenses, such as firewalls and anti-virus, but also detection capabilities that defenders can use to audit activity and identify malicious behavior. This may also span both native defenses as well as supplemental capabilities installed by users and administrators. Adversaries may also impair routine operations that contribute to defensive hygiene, such as blocking users from logging out of a computer or stopping it from being shut down. These restrictions can further enable malicious operations as well as the continued propagation of incidents.(Citation: Emotet shutdown) Adversaries could also target event aggregation and analysis mechanisms, or otherwise disrupt these procedures by altering other system components. |
Details | Type | Published | Attributes | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2021-08-26 | 13 | From Russia With… LockBit Ransomware: Inside Look & Preventive Solutions | ||
Details | Website | 2021-08-17 | 56 | Neurevt trojan takes aim at Mexican users | ||
Details | Website | 2021-08-16 | 62 | LockBit Resurfaces With Version 2.0 Ransomware Detections in Chile, Italy, Taiwan, UK | ||
Details | Website | 2021-08-12 | 36 | Vice Society leverages PrintNightmare in ransomware attacks | ||
Details | Website | 2021-08-11 | 13 | Talos Incident Response quarterly threat report — The top malware families and TTPs used in Q2 2021 | ||
Details | Website | 2021-08-01 | 506 | Lazarus Group’s Mata Framework Leveraged To Deploy TFlower Ransomware | ||
Details | Website | 2021-07-28 | 10 | Phases of a Post-Intrusion Ransomware Attack | ||
Details | Website | 2021-07-16 | 20 | Kaseya VSA Supply Chain Ransomware Attacks (REvil Gang) - ASEC BLOG | ||
Details | Website | 2021-07-01 | 66 | Diavol - A New Ransomware Used By Wizard Spider? | Fortinet | ||
Details | Website | 2021-06-29 | 45 | 7 victims spanning multiple industries | ||
Details | Website | 2021-06-15 | 53 | Handy guide to a new Fivehands ransomware variant | ||
Details | Website | 2021-06-15 | 86 | Ransomware Double Extortion and Beyond: REvil, Clop, and Conti - Security News | ||
Details | Website | 2021-06-01 | 52 | Backdoors, RATs, Loaders evasion techniques | ||
Details | Website | 2021-05-12 | 47 | Nefilim Ransomware | Qualys Security Blog | ||
Details | Website | 2021-05-10 | 95 | — | ||
Details | Website | 2021-04-22 | 42 | Sysrv-Hello Expands Infrastructure | ||
Details | Website | 2021-04-21 | 36 | Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03) | ||
Details | Website | 2021-04-20 | 102 | Authentication Bypass Techniques and Pulse Secure Zero-Day | ||
Details | Website | 2021-04-01 | 5 | Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting - Microsoft Security Blog | ||
Details | Website | 2021-04-01 | 60 | Avaddon RaaS | Breaks Public Decryptor, Continues On Rampage - SentinelLabs | ||
Details | Website | 2021-02-25 | 190 | So Unchill: Melting UNC2198 ICEDID to Ransomware Operations | Mandiant | ||
Details | Website | 2021-02-02 | 9 | Detecting MITRE ATT&CK: Defense evasion techniques with Falco | ||
Details | Website | 2021-01-27 | 20 | CrimsonIAS: Listening for an 3v1l User | ||
Details | Website | 2021-01-20 | 137 | Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop - Microsoft Security Blog | ||
Details | Website | 2021-01-14 | 663 | Higaisa or Winnti? APT41 backdoors, old and new |