Malware: ROADSWEEP

Description

[ROADSWEEP](https://attack.mitre.org/software/S1150) is a ransomware that was deployed against Albanian government networks during [HomeLand Justice](https://attack.mitre.org/campaigns/C0038) along with the [CHIMNEYSWEEP](https://attack.mitre.org/software/S1149) backdoor.(Citation: Mandiant ROADSWEEP August 2022)

External References

• mitre-attack
• Mandiant ROADSWEEP August 2022

Techniques Used by This Malware

• T1027.013 — Encrypted/Encoded File
• T1059.003 — Windows Command Shell
• T1070.004 — File Deletion
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1120 — Peripheral Device Discovery
• T1140 — Deobfuscate/Decode Files or Information
• T1480 — Execution Guardrails
• T1486 — Data Encrypted for Impact
• T1489 — Service Stop
• T1490 — Inhibit System Recovery
• T1491.001 — Internal Defacement
• T1547.001 — Registry Run Keys / Startup Folder
• T1553.002 — Code Signing
• T1559 — Inter-Process Communication