Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656)

Akira ransomware, written in C++, is most prominently (but not exclusively) associated with the ransomware-as-a-service entity Akira. Akira ransomware has been used in attacks across North America, Europe, and Australia, with a focus on critical infrastructure sectors including manufacturing, education, and IT services. Akira ransomware employs hybrid encryption and threading to increase the speed and efficiency of encryption, and runtime arguments for tailored attacks. Notable variants include Rust-based Megazord for targeting Windows and Akira_v2 for targeting VMware ESXi servers. (Citation: Kersten Akira 2023) (Citation: CISA Akira Ransomware APR 2024) (Citation: Cisco Akira Ransomware OCT 2024)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | 2 |