LockerGoga - S0372 (5af7a825-2d9f-400d-931a-e00eb9e27f48)

LockerGoga is ransomware that was first reported in January 2019, and has been tied to various attacks on European companies, including industrial and manufacturing firms.(Citation: Unit42 LockerGoga 2019)(Citation: CarbonBlack LockerGoga 2019)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	LockerGoga - S0372 (5af7a825-2d9f-400d-931a-e00eb9e27f48)	Malware	1
Account Access Removal - T1531 (b24e2a20-3b3d-4bf0-823b-1ed765398fb0)	Attack Pattern	LockerGoga - S0372 (5af7a825-2d9f-400d-931a-e00eb9e27f48)	Malware	1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	LockerGoga - S0372 (5af7a825-2d9f-400d-931a-e00eb9e27f48)	Malware	1
System Shutdown/Reboot - T1529 (ff73aa03-0090-4464-83ac-f89e233c02bc)	Attack Pattern	LockerGoga - S0372 (5af7a825-2d9f-400d-931a-e00eb9e27f48)	Malware	1
Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	LockerGoga - S0372 (5af7a825-2d9f-400d-931a-e00eb9e27f48)	Malware	1
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	LockerGoga - S0372 (5af7a825-2d9f-400d-931a-e00eb9e27f48)	Malware	1
Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0)	Attack Pattern	LockerGoga - S0372 (5af7a825-2d9f-400d-931a-e00eb9e27f48)	Malware	1
Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082)	Attack Pattern	Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7)	Attack Pattern	2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529)	Attack Pattern	Disable or Modify Tools - T1562.001 (ac08589e-ee59-4935-8667-d845e38fe579)	Attack Pattern	2