INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad)

INC Ransomware is a ransomware strain that has been used by the INC Ransom group since at least 2023 against multiple industry sectors worldwide. INC Ransomware can employ partial encryption combined with multi-threading to speed encryption.(Citation: SentinelOne INC Ransomware)(Citation: Huntress INC Ransom Group August 2023)(Citation: Secureworks GOLD IONIC April 2024)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Peripheral Device Discovery - T1120 (348f1eef-964b-4eb6-bb53-69b3dcb0c643) | Attack Pattern | INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) | Malware | 1 |
| Device Driver Discovery - T1652 (215d9700-5881-48b8-8265-6449dbb7195d) | Attack Pattern | INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) | Malware | 1 |
| Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) | Attack Pattern | INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) | Malware | 1 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) | Malware | System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) | Attack Pattern | 1 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) | Malware | Service Stop - T1489 (20fb2507-d71c-455d-9b6d-6104461cf26b) | Attack Pattern | 1 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) | Malware | Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | 1 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) | Malware | File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | 1 |
| Network Share Discovery - T1135 (3489cfc5-640f-4bb3-a103-9137b97de79f) | Attack Pattern | INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) | Malware | 1 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) | Malware | 1 |
| Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) | Malware | 1 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) | Malware | Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) | Attack Pattern | 1 |
| Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) | Attack Pattern | INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) | Malware | 1 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) | Malware | Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | 1 |
| Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) | Malware | 1 |
| INC Ransomware - S1139 (f25d4207-25b2-4bb0-a17a-403943c670ad) | Malware | Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) | Attack Pattern | 1 |
| Defacement - T1491 (5909f20f-3c39-4795-be06-ef1ea40d350b) | Attack Pattern | Internal Defacement - T1491.001 (8c41090b-aa47-4331-986b-8c9a51a91103) | Attack Pattern | 2 |