From aaf3a6e36bff997f6347d77c32a4ddd00a8e5fac Mon Sep 17 00:00:00 2001 From: matthijsvp Date: Wed, 16 Feb 2022 12:57:04 +0100 Subject: [PATCH] Initial commit of seven ransomware roles --- ransomware-roles/machinetag.json | 35 +++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/ransomware-roles/machinetag.json b/ransomware-roles/machinetag.json index fece729..c0b0b01 100644 --- a/ransomware-roles/machinetag.json +++ b/ransomware-roles/machinetag.json @@ -8,14 +8,39 @@ "version": 1, "predicates": [ { - "value": "1 - Initial Access Brokers", - "expanded": "1 - Initial Access Brokers", + "value": "1 - Initial Access Broker", + "expanded": "1 - Initial Access Broker", "description": "Initial Access Brokers obtain the initial access to organizations. They monetize this access by offering it for sale to any actor." }, { - "value": "2 - Ransomware Affiliates", - "expanded": "2 - Ransomware Affiliates", - "description": "Ransomware Affiliates obtain persistance. They reconnaissance the network of the victim, and make use of lateral movement and privilege escalation to move to points of interest. Once such points are found, ransomware is deployed." + "value": "2 - Ransomware Affiliate", + "expanded": "2 - Ransomware Affiliate", + "description": "Ransomware Affiliates obtain persistance. They reconnaissance the network of the victim, and make use of lateral movement and privilege escalation to move to points of interest. Once such points are found, ransomware is deployed. Ransomware Affiliates can make use of different ransomware families in different attacks." + }, + { + "value": "3 - Data Manager", + "expanded": "3 - Data Manager", + "description": "Data managers handle the excfiltration of data, and after that, the exfiltrated data itself." + }, + { + "value": "4 - Ransomware Operator", + "expanded": "4 - Ransomware Operator", + "description": "Ransomware Operators facilitate the ransomware business model by providing ransomware and hosting the infrastructure needed to run it." + }, + { + "value": "5 - Negotiator", + "expanded": "5 - Negotiator", + "description": "Negotiations are often performed by a separate actor." + }, + { + "value": "6 - Chaser", + "expanded": "6 - Chaser", + "description": "Chasers put pressure on victims by emailing and calling key employees, to threaten them with continued attacks or publication of confidential data if the ransom is not payed." + }, + { + "value": "7 - Accountant", + "expanded": "7 - Accountant", + "description": "Accountants launder the ransom." } ] }