Vice Society is an intrusion, exfiltration, and extortion hacking group that first appeared in summer 2021. Vice Society actors do not use a ransomware variant of unique origin. Instead, the actors have deployed versions of Hello Kitty/Five Hands and Zeppelin ransomware, but may deploy other variants in the future.
TAGS: Ransomware, Cobalt Strike, PowerShell Empire, WMI, Vice Society, PrintNightmare, Hello Kitty, Zeppelin
ADVERSARY: Vice Society
INDUSTRY: Education
ATT&CK IDS: T1021 - Remote Services, T1049 - System Network Connections Discovery, T1003 - OS Credential Dumping, T1199 - Trusted Relationship, T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1047 - Windows Management Instrumentation, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1068 - Exploitation for Privilege Escalation, T1078 - Valid Accounts, T1080 - Taint Shared Content, T1190 - Exploit Public-Facing Application, T1486 - Data Encrypted for Impact, T1497 - Virtualization/Sandbox Evasion, T1531 - Account Access Removal, T1543 - Create or Modify System Process, T1547 - Boot or Logon Autostart Execution, T1574 - Hijack Execution Flow