
ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b)

ROADSWEEP is ransomware that was deployed against Albanian government networks during HomeLand Justice, along with the CHIMNEYSWEEP backdoor. (Citation: Mandiant ROADSWEEP August 2022)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) | Attack Pattern | ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b) | Malware | 1 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b) | Malware | 1 |
| ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b) | Malware | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 1 |
| ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b) | Malware | Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) | Attack Pattern | 1 |
| ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b) | Malware | Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | 1 |
| ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1 |
| ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b) | Malware | Inter-Process Communication - T1559 (acd0ba37-7ba9-4cc5-ac61-796586cd856d) | Attack Pattern | 1 |
| Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b) | Malware | 1 |
| ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b) | Malware | Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) | Attack Pattern | 1 |
| Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) | Attack Pattern | ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b) | Malware | 1 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b) | Malware | 1 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b) | Malware | 1 |
| ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b) | Malware | Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) | Attack Pattern | 1 |
| ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b) | Malware | Execution Guardrails - T1480 (853c4192-4311-43e1-bfbb-b11b14911852) | Attack Pattern | 1 |
| Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | ROADSWEEP - S1150 (be471c69-12d5-4bcc-9dad-3d42c3dbca4b) | Malware | 1 |
| Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
| Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) | Attack Pattern | Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) | Attack Pattern | 2 |
| Encrypted/Encoded File - T1027.013 (0d91b3c0-5e50-47c3-949a-2a796f04d144) | Attack Pattern | Obfuscated Files or Information - T1027 (b3d682b6-98f2-4fb0-aa3b-b4df007ca70a) | Attack Pattern | 2 |
| File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) | Attack Pattern | Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | 2 |
| Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) | Attack Pattern | Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) | Attack Pattern | 2 |
| Subvert Trust Controls - T1553 (b83e166d-13d7-4b52-8677-dff90c548fd7) | Attack Pattern | Code Signing - T1553.002 (32901740-b42c-4fdd-bc02-345b5dc57082) | Attack Pattern | 2 |