Initial commit of seven ransomware roles

2022-02-16 12:57:04 +01:00 · 2022-02-16 12:57:04 +01:00 · aaf3a6e36b
parent 7258275fc0
commit aaf3a6e36b
1 changed files with 30 additions and 5 deletions
--- a/ransomware-roles/machinetag.json
+++ b/ransomware-roles/machinetag.json
@ -8,14 +8,39 @@
  "version": 1,
  "predicates": [
    {
-      "value": "1 - Initial Access Brokers",
-      "expanded": "1 - Initial Access Brokers",
+      "value": "1 - Initial Access Broker",
+      "expanded": "1 - Initial Access Broker",
      "description": "Initial Access Brokers obtain the initial access to organizations. They monetize this access by offering it for sale to any actor."
    },
    {
-      "value": "2 - Ransomware Affiliates",
-      "expanded": "2 - Ransomware Affiliates",
-      "description": "Ransomware Affiliates obtain persistance. They reconnaissance the network of the victim, and make use of lateral movement and privilege escalation to move to points of interest. Once such points are found, ransomware is deployed."
+      "value": "2 - Ransomware Affiliate",
+      "expanded": "2 - Ransomware Affiliate",
+      "description": "Ransomware Affiliates obtain persistance. They reconnaissance the network of the victim, and make use of lateral movement and privilege escalation to move to points of interest. Once such points are found, ransomware is deployed. Ransomware Affiliates can make use of different ransomware families in different attacks."
+    },
+    {
+      "value": "3 - Data Manager",
+      "expanded": "3 - Data Manager",
+      "description": "Data managers handle the excfiltration of data, and after that, the exfiltrated data itself."
+    },
+    {
+      "value": "4 - Ransomware Operator",
+      "expanded": "4 - Ransomware Operator",
+      "description": "Ransomware Operators facilitate the ransomware business model by providing ransomware and hosting the infrastructure needed to run it."
+    },
+    {
+      "value": "5 - Negotiator",
+      "expanded": "5 - Negotiator",
+      "description": "Negotiations are often performed by a separate actor."
+    },
+    {
+      "value": "6 - Chaser",
+      "expanded": "6 - Chaser",
+      "description": "Chasers put pressure on victims by emailing and calling key employees, to threaten them with continued attacks or publication of confidential data if the ransom is not payed."
+    },
+    {
+      "value": "7 - Accountant",
+      "expanded": "7 - Accountant",
+      "description": "Accountants launder the ransom."
    }
  ]
 }