Total Victims: 0
First Seen: 2017-08-01
Last Seen: 2018-01-21
Known TTPs: 22
Avg Delay: 8.9d
Negotiations: 0
ONION URLS
7jp5qdkuz4jvssastkxvcvxquormgom6jp46cijfnwf6uwakix4wuqik.onion
TOOLS
ScreenConnect, ngrok
FILE EXTENSIONS
.pay
Date | Victim Name | Country | Sector | Status
No victims recorded
Technique ID | Technique Name | Tactic
T1071.001 | Web Protocols | Command and Control
T1105 | Ingress Tool Transfer | Command and Control
T1572 | Protocol Tunneling | Command and Control
T1573.002 | Asymmetric Cryptography | Command and Control
T1110.001 | Password Guessing | Credential Access
T1555.003 | Credentials from Web Browsers | Credential Access
T1016 | System Network Configuration Discovery | Discovery
T1018 | Remote System Discovery | Discovery
T1047 | Windows Management Instrumentation | Execution
T1059.005 | Visual Basic | Execution
T1204.001 | Malicious Link | Execution
T1041 | Exfiltration Over C2 Channel | Exfiltration
T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | Exfiltration
T1490 | Inhibit System Recovery | Impact
T1078 | Valid Accounts | Initial Access
T1195.002 | Compromise Software Supply Chain | Initial Access
T1021.001 | Remote Desktop Protocol | Lateral Movement
T1021.004 | SSH | Lateral Movement
T1098 | Account Manipulation | Persistence
T1547.009 | Shortcut Modification | Persistence
T1068 | Exploitation for Privilege Escalation | Privilege Escalation
T1134 | Access Token Manipulation | Privilege Escalation

No YARA rules

No IoCs

No ransom notes