LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company

TrendMicro's blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint

REFERENCE: https://www.trendmicro.com/en_us/research/22/j/lv-ransomware-exploits-proxyshell-in-attack.html

TAGS: accomplice, Ransomware, LV, ProxyShell, RaaS

ADVERSARY: LV

TARGETED COUNTRY: Jordan

ATT&CK IDS: T1190 - Exploit Public-Facing Application, T1471 - Data Encrypted for Impact, T1572 - Protocol Tunneling, T1059 - Command and Scripting Interpreter, T1003 - OS Credential Dumping

Read More:

https://otx.alienvault.com/pulse/6359505e5a342ac921b5e94e