An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques - SentinelLabs
Tags
cmtmf-attack-pattern: Command And Scripting Interpreter Masquerading Obfuscated Files Or Information Process Injection
attack-pattern: Data Application Shimming - T1546.011 Archive Collected Data - T1560 Archive Collected Data - T1532 Command And Scripting Interpreter - T1623 Encrypted Channel - T1521 Encrypted Channel - T1573 File And Directory Discovery - T1420 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Obfuscated Files Or Information - T1406 Process Discovery - T1424 System Information Discovery - T1426 Native Api - T1575 Process Injection - T1631 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 System Checks - T1497.001 Virtualization/Sandbox Evasion - T1497 Tool - T1588.002 Vulnerabilities - T1588.006 Virtualization/Sandbox Evasion - T1633 Application Shimming - T1138 Command-Line Interface - T1059 Deobfuscate/Decode Files Or Information - T1140 Execution Through Api - T1106 File And Directory Discovery - T1083 Masquerading - T1036 Obfuscated Files Or Information - T1027 Process Discovery - T1057 Process Injection - T1055 Security Software Discovery - T1063 System Information Discovery - T1082 System Time Discovery - T1124 Masquerading
Show in Graph
Common Information
Type Value
UUID bae38e04-c7cf-4a7d-b06e-b56dac87a310
Fingerprint b23018f9319187c0
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 22, 2020, midnight
Added to db Sept. 11, 2022, 12:47 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques
Title An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques - SentinelLabs
Detected Hints/Tags/Attributes 72/2/24
Source URLs
Redirection Url
Details Source https://labs.sentinelone.com/an-inside-look-at-how-ryuk-evolved-its-encryption-and-evasion-techniques/
URL Provider
Details Provider Source level domain
Details sentinelone.com labs.sentinelone.com
Attributes
Details Type #Events CTI Value
Details File 3 
lan.exe
Details File 2127 
cmd.exe
Details File 4 
'wmic.exe
Details File 4 
'vssadmin.exe
Details File 37 
icacls.exe
Details sha1 1 
c3fa91438850c88c81c0712204a273e382d8fa7b
Details sha1 1 
5767653494d05b3f3f38f1662a63335d09ae6489
Details sha256 1 
f8bc1638ec3b04412f708233e8586e1d91f18f6715d68cba1a491d4a7f457da0
Details sha256 1 
7e28426e89e79e20a6d9b1913ca323f112868e597fcaf6b9e073102e73407b47
Details MITRE ATT&CK Techniques 695 
T1059
Details MITRE ATT&CK Techniques 239 
T1106
Details MITRE ATT&CK Techniques 11 
T1546.011
Details MITRE ATT&CK Techniques 440 
T1055
Details MITRE ATT&CK Techniques 348 
T1036
Details MITRE ATT&CK Techniques 97 
T1497.001
Details MITRE ATT&CK Techniques 504 
T1140
Details MITRE ATT&CK Techniques 627 
T1027
Details MITRE ATT&CK Techniques 86 
T1124
Details MITRE ATT&CK Techniques 141 
T1518.001
Details MITRE ATT&CK Techniques 433 
T1057
Details MITRE ATT&CK Techniques 585 
T1083
Details MITRE ATT&CK Techniques 1006 
T1082
Details MITRE ATT&CK Techniques 157 
T1560
Details MITRE ATT&CK Techniques 163 
T1573