Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | crosslock (e203cc8c-6df9-5561-b7f3-ab65ee4a8e6b) | Ransomware | 1 |
crosslock (e203cc8c-6df9-5561-b7f3-ab65ee4a8e6b) | Ransomware | Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | 1 |
File and Directory Discovery - T1420 (cf28ca46-1fd3-46b4-b1f6-ec0b72361848) | Attack Pattern | crosslock (e203cc8c-6df9-5561-b7f3-ab65ee4a8e6b) | Ransomware | 1 |
Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | crosslock (e203cc8c-6df9-5561-b7f3-ab65ee4a8e6b) | Ransomware | 1 |
crosslock (e203cc8c-6df9-5561-b7f3-ab65ee4a8e6b) | Ransomware | SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) | Attack Pattern | 1 |
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) | Attack Pattern | crosslock (e203cc8c-6df9-5561-b7f3-ab65ee4a8e6b) | Ransomware | 1 |
crosslock (e203cc8c-6df9-5561-b7f3-ab65ee4a8e6b) | Ransomware | Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) | Attack Pattern | 1 |
crosslock (e203cc8c-6df9-5561-b7f3-ab65ee4a8e6b) | Ransomware | System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) | Attack Pattern | 1 |
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) | Attack Pattern | crosslock (e203cc8c-6df9-5561-b7f3-ab65ee4a8e6b) | Ransomware | 1 |
crosslock (e203cc8c-6df9-5561-b7f3-ab65ee4a8e6b) | Ransomware | Data Encrypted for Impact - T1486 (b80d107d-fa0d-4b60-9684-b0433e8bdba0) | Attack Pattern | 1 |
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 2 |
Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) | Attack Pattern | SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541) | Attack Pattern | 2 |
Clear Windows Event Logs - T1070.001 (6495ae23-3ab4-43c5-a94f-5638a2c31fd2) | Attack Pattern | Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) | Attack Pattern | 2 |
Bypass User Account Control - T1548.002 (120d5519-3098-4e1c-9191-2aa61232f073) | Attack Pattern | Abuse Elevation Control Mechanism - T1548 (67720091-eee3-4d2d-ae16-8264567f6f5b) | Attack Pattern | 2 |
Process Hollowing - T1055.012 (b200542e-e877-4395-875b-cf1a44537ca4) | Attack Pattern | Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) | Attack Pattern | 2 |