Ryuk | Malware Detail

Description

[Ryuk](https://attack.mitre.org/software/S0446) is a ransomware designed to target enterprise environments that has been used in attacks since at least 2018. [Ryuk](https://attack.mitre.org/software/S0446) shares code similarities with Hermes ransomware.(Citation: CrowdStrike Ryuk January 2019)(Citation: FireEye Ryuk and Trickbot January 2019)(Citation: FireEye FIN6 Apr 2019)

External References

Techniques Used by This Malware

T1016 — System Network Configuration Discovery
T1021.002 — SMB/Windows Admin Shares
T1027 — Obfuscated Files or Information
T1036 — Masquerading
T1036.005 — Match Legitimate Resource Name or Location
T1053.005 — Scheduled Task
T1055 — Process Injection
T1057 — Process Discovery
T1059.003 — Windows Command Shell
T1078.002 — Domain Accounts
T1082 — System Information Discovery
T1083 — File and Directory Discovery
T1106 — Native API
T1134 — Access Token Manipulation
T1205 — Traffic Signaling
T1222.001 — Windows File and Directory Permissions Modification
T1486 — Data Encrypted for Impact
T1489 — Service Stop
T1490 — Inhibit System Recovery
T1547.001 — Registry Run Keys / Startup Folder
T1562.001 — Disable or Modify Tools
T1614.001 — System Language Discovery

Malware: Ryuk

Description

External References

Techniques Used by This Malware

APT Groups Using This Malware