Ransomware: Hunting for Inhibiting System Backup or Recovery
Tags
attack-pattern: Data Inhibit System Recovery - T1490 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 964decf6-97b1-4983-8a8e-7c33fdf00cdd
Fingerprint a411809b11178fca
Analysis status DONE
Considered CTI value 1
Text language
Published Aug. 19, 2024, midnight
Added to db Aug. 31, 2024, 5:10 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Ransomware: Hunting for Inhibiting System Backup or Recovery
Title Ransomware: Hunting for Inhibiting System Backup or Recovery
Detected Hints/Tags/Attributes 77/1/10
Source URLs
Redirection Url
Details Source https://intel471.com/blog/hunting-ransomware-inhibiting-system-backup-or-recovery
Details Source https://www.cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/
URL Provider
Details Provider Source level domain
Details cyborgsecurity.com www.cyborgsecurity.com
Details intel471.com intel471.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 138 Intel471 https://intel471.com/blog/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 256 
net.exe
Details File 2126 
cmd.exe
Details File 1208 
powershell.exe
Details File 345 
vssadmin.exe
Details File 105 
bcdedit.exe
Details File 240 
wmic.exe
Details File 43 
wbadmin.exe
Details File 409 
c:\windows\system32\cmd.exe
Details File 7 
c:\windows\system32\bcdedit.exe
Details MITRE ATT&CK Techniques 276 
T1490