[Intel]: https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html #321

@timb-machine

Description

Area

Malware reports

Parent threat

Execution, Persistence, Privilege Escalation, Command and Control, Exfiltration, Impact

Finding

https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html

Industry reference

attack:T1048:Exfiltration Over Alternative Protocol
attack:T1567:Exfiltration Over Web Service
attack:T1573:Encrypted Channel
attack:T1071.001:Web Protocols
attack:T1053.003:Cron
attack:T1486:Data Encrypted for Impact

Malware reference

DarkSide

Actor reference

UNC2628
UNC2659
UNC2465

Component

Linux

Scenario

No response