Storm-0501 (status: Active)
Microsoft-tracked threat actor deploying Embargo ransomware in hybrid cloud attacks.

| Total Victims | First Seen | Last Seen | Known TTPs | Avg Delay | Negotiations |
|---|---|---|---|---|---|
| 0 | 2024-07-01 | N/A | 23 | 17.7d | 0 |
ONION URLS
- 4sdtxjcn6kwmflp4etcpv7vtzfjoxd66ndvkjztfyf6xu4bfqvsjndsu.onion

TOOLS
- ConnectWise
- FileZilla

FILE EXTENSIONS
- .encrypted
CHARTS (activity timeline, top sectors, top countries, activity heatmap): no chart data is present on this page.
VICTIMS
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |
KNOWN TTPS (MITRE ATT&CK)
| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1560.001 | Archive via Utility | Collection |
| T1071.001 | Web Protocols | Command and Control |
| T1090 | Proxy | Command and Control |
| T1105 | Ingress Tool Transfer | Command and Control |
| T1219 | Remote Access Software | Command and Control |
| T1552.001 | Credentials In Files | Credential Access |
| T1555.003 | Credentials from Web Browsers | Credential Access |
| T1558.003 | Kerberoasting | Credential Access |
| T1036.005 | Match Legitimate Name or Location | Defense Evasion |
| T1140 | Deobfuscate/Decode Files | Defense Evasion |
| T1218.011 | Rundll32 | Defense Evasion |
| T1562.001 | Disable or Modify Tools | Defense Evasion |
| T1018 | Remote System Discovery | Discovery |
| T1049 | System Network Connections Discovery | Discovery |
| T1059.006 | Python | Execution |
| T1486 | Data Encrypted for Impact | Impact |
| T1561.001 | Disk Wipe | Impact |
| T1189 | Drive-by Compromise | Initial Access |
| T1566.002 | Spearphishing Link | Initial Access |
| T1570 | Lateral Tool Transfer | Lateral Movement |
| T1098 | Account Manipulation | Persistence |
| T1136.001 | Local Account | Persistence |
| T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
No YARA rules
No IoCs
No ransom notes