Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656)

Akira ransomware, written in C++, is most prominently (but not exclusively) associated with the ransomware-as-a-service entity Akira. Akira ransomware has been used in attacks across North America, Europe, and Australia, with a focus on critical infrastructure sectors including manufacturing, education, and IT services. Akira ransomware employs hybrid encryption and threading to increase the speed and efficiency of encryption, and runtime arguments for tailored attacks. Notable variants include the Rust-based Megazord for targeting Windows and Akira_v2 for targeting VMware ESXi servers. (Citation: Kersten Akira 2023) (Citation: CISA Akira Ransomware APR 2024) (Citation: Cisco Akira Ransomware OCT 2024)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | 1 |
| System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 1 |
| Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) | Attack Pattern | 1 |
| File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | Akira - S1129 (6f6b2353-4b39-40ce-9d6d-d00b7a61e656) | Malware | 1 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | 2 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |