TeslaCrypt Defunct
Initially targeted gamers. Developers released master key and shut down.
Total Victims: 0
First Seen: 2015-02-01
Last Seen: N/A
Known TTPs: 23
Avg Delay: 26.5d
Negotiations: 0
ONION URLS
66k3ewafmxfnmm3umlxryevde2tmqbicyhzg2nf3ybo5zl4hfppxmd5u.onion
vhsvzl46r2bmusm56ijnyvajqk34nnzbnmbd2qopfkbihztn7s5jnrhd.onion
TOOLS
Angler EK
FILE EXTENSIONS
.vvv
.ccc
.ecc
| Date | Victim Name | Country | Sector | Status |
|---|---|---|---|---|
| No victims recorded | | | | |

| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1573.002 | Asymmetric Cryptography | Command and Control |
| T1003.001 | LSASS Memory | Credential Access |
| T1110.001 | Password Guessing | Credential Access |
| T1555.003 | Credentials from Web Browsers | Credential Access |
| T1027 | Obfuscated Files or Information | Defense Evasion |
| T1140 | Deobfuscate/Decode Files | Defense Evasion |
| T1562.001 | Disable or Modify Tools | Defense Evasion |
| T1016 | System Network Configuration Discovery | Discovery |
| T1049 | System Network Connections Discovery | Discovery |
| T1087 | Account Discovery | Discovery |
| T1053.005 | Scheduled Task | Execution |
| T1059.001 | PowerShell | Execution |
| T1059.006 | Python | Execution |
| T1485 | Data Destruction | Impact |
| T1486 | Data Encrypted for Impact | Impact |
| T1489 | Service Stop | Impact |
| T1529 | System Shutdown/Reboot | Impact |
| T1078 | Valid Accounts | Initial Access |
| T1566.001 | Spearphishing Attachment | Initial Access |
| T1566.002 | Spearphishing Link | Initial Access |
| T1080 | Taint Shared Content | Lateral Movement |
| T1543.003 | Windows Service | Persistence |
| T1134 | Access Token Manipulation | Privilege Escalation |
No YARA rules
No IoCs
No ransom notes