Skip to content

Hide Navigation Hide TOC

Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2)

Embargo is a ransomware variant written in Rust that has been active since at least May 2024.(Citation: Cyble Embargo Ransomware May 2024)(Citation: ESET Embargo Ransomware October 2024) Embargo ransomware operations are associated with “double extortion” ransomware activity, where data is exfiltrated from victim environments prior to encryption, with threats to publish files if a ransom is not paid.(Citation: Cyble Embargo Ransomware May 2024)(Citation: ESET Embargo Ransomware October 2024) Embargo ransomware has been known to be delivered through a loader known as MDeployer which also leverages a malware component known as MS4Killer that facilitates termination of processes operating on the victim hosts.(Citation: ESET Embargo Ransomware October 2024) Embargo is also reportedly a Ransomware as a Service (RaaS).(Citation: ESET Embargo Ransomware October 2024)

Cluster A Galaxy A Cluster B Galaxy B Level
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Safe Mode Boot - T1688 (c7660f19-f8c5-4ae3-a5e5-24381c270376) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Financial Theft - T1657 (851e071f-208d-4c79-adc6-5974c85c78f3) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Selective Exclusion - T1679 (9b00925a-7c4b-4e53-bfc8-9a6a806fde03) Attack Pattern 1
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern 1
Embargo - S1247 (82adb90e-43b8-4bce-9efe-afeba65457b2) Malware Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) Attack Pattern 1
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 2
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern 2
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 2
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 2
Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern 2
Mutual Exclusion - T1480.002 (49fca0d2-685d-41eb-8bd4-05451cc3a742) Attack Pattern Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) Attack Pattern 2
Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) Attack Pattern Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) Attack Pattern 2