FrostUnit Inactive

Ransomware group first observed in 2017. Uses AnyDesk for deployment.
PDF Report Back to Groups
0
Total Victims
2017-11-01
First Seen
2020-08-20
Last Seen
14
Known TTPs
14.9d
Avg Delay
0
Negotiations
ONION URLS
oyritacvq6yw4l5h6iqjpq3rfrpjxjrn67iczqoymwsh3fjvbi6obndy.onion
TOOLS
AnyDesk Atera ConnectWise PowerTool
FILE EXTENSIONS
.pwned
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded
Technique ID Technique Name Tactic
T1039 Data from Network Shared Drive Collection
T1573.002 Asymmetric Cryptography Command and Control
T1003.001 LSASS Memory Credential Access
T1110.001 Password Guessing Credential Access
T1083 File and Directory Discovery Discovery
T1047 Windows Management Instrumentation Execution
T1053.005 Scheduled Task Execution
T1204.001 Malicious Link Execution
T1489 Service Stop Impact
T1529 System Shutdown/Reboot Impact
T1561.001 Disk Wipe Impact
T1021.001 Remote Desktop Protocol Lateral Movement
T1098 Account Manipulation Persistence
T1068 Exploitation for Privilege Escalation Privilege Escalation

No YARA rules

No IoCs

No ransom notes