REFERENCE:https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider
TAGS:conti, diavol, egregor, WIZARD SPIDER, Ransomware
ADVERSARY:WIZARD SPIDER
MALWARE FAMILIES:Conti, Diavol
ATT&CK IDS:T1059 – Command and Scripting Interpreter, T1106 – Native API, T1070 – Indicator Removal on Host, T1057 – Process Discovery, T1040 – Network Sniffing, T1083 – File and Directory Discovery, T1027 – Obfuscated Files or Information, T1071 – Application Layer Protocol, T1082 – System Information Discovery, T1135 – Network Share Discovery, T1485 – Data Destruction, T1486 – Data Encrypted for Impact, T1489 – Service Stop, T1490 – Inhibit System Recovery, T1559 – Inter-Process Communication, T1562 – Impair Defenses