ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e)

ProLock is a ransomware strain that has been used in Big Game Hunting (BGH) operations since at least 2020, often obtaining initial access with QakBot. ProLock is the successor to PwndLocker ransomware, which was found in 2019 to contain a bug allowing decryption without ransom payment. (Citation: Group IB Ransomware September 2020)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e) | Malware | 1 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e) | Malware | 1 |
| Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e) | Malware | 1 |
| Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) | Attack Pattern | ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e) | Malware | 1 |
| Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) | Attack Pattern | ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e) | Malware | 1 |
| Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e) | Malware | 1 |
| BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7) | Attack Pattern | ProLock - S0654 (471d0e9f-2c8a-4e4b-8f3b-f85d2407806e) | Malware | 1 |
| Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | 2 |
| Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | Steganography - T1027.003 (c2e147a9-d1a8-4074-811a-d8789202d916) | Attack Pattern | 2 |