Stormsec

Novel News on Cuba Ransomware aka Greetings From Tropical Scorpius

Beginning in early May 2022, Unit 42 observed a threat actor deploying Cuba Ransomware using novel tools and techniques. Unit 42 tracks the threat actor as Tropical Scorpius.





MALWARE FAMILIES: Cuba, ROMCOM, SCREENSHOOTER, ZeroLogon, KerberCache


ATT&CK IDS: T1059 - Command and Scripting Interpreter, T1106 - Native API, T1546 - Event Triggered Execution, T1218 - Signed Binary Proxy Execution, T1095 - Non-Application Layer Protocol, T1566 - Phishing, T1027 - Obfuscated Files or Information, T1057 - Process Discovery, T1486 - Data Encrypted for Impact, T1003.001 - LSASS Memory, T1003 - OS Credential Dumping, T1497 - Virtualization/Sandbox Evasion, T1113 - Screen Capture


Read More:
