Initial commit of seven ransomware roles

pull/230/head
matthijsvp 2022-02-16 12:57:04 +01:00
parent 7258275fc0
commit aaf3a6e36b
1 changed files with 30 additions and 5 deletions


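--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -8,14 +8,39 @@
 "version": 1,
 "predicates": [
 {
-"value": "1 - Initial Access Brokers",
-"expanded": "1 - Initial Access Brokers",
+"value": "1 - Initial Access Broker",
+"expanded": "1 - Initial Access Broker",
 "description": "Initial Access Brokers obtain the initial access to organizations. They monetize this access by offering it for sale to any actor."
 },
 {
-"value": "2 - Ransomware Affiliates",
-"expanded": "2 - Ransomware Affiliates",
-"description": "Ransomware Affiliates obtain persistance. They reconnaissance the network of the victim, and make use of lateral movement and privilege escalation to move to points of interest. Once such points are found, ransomware is deployed."
+"value": "2 - Ransomware Affiliate",
+"expanded": "2 - Ransomware Affiliate",
+"description": "Ransomware Affiliates obtain persistance. They reconnaissance the network of the victim, and make use of lateral movement and privilege escalation to move to points of interest. Once such points are found, ransomware is deployed. Ransomware Affiliates can make use of different ransomware families in different attacks."
+},
+{
+"value": "3 - Data Manager",
+"expanded": "3 - Data Manager",
+"description": "Data managers handle the excfiltration of data, and after that, the exfiltrated data itself."
+},
+{
+"value": "4 - Ransomware Operator",
+"expanded": "4 - Ransomware Operator",
+"description": "Ransomware Operators facilitate the ransomware business model by providing ransomware and hosting the infrastructure needed to run it."
+},
+{
+"value": "5 - Negotiator",
+"expanded": "5 - Negotiator",
+"description": "Negotiations are often performed by a separate actor."
+},
+{
+"value": "6 - Chaser",
+"expanded": "6 - Chaser",
+"description": "Chasers put pressure on victims by emailing and calling key employees, to threaten them with continued attacks or publication of confidential data if the ransom is not payed."
+},
+{
+"value": "7 - Accountant",
+"expanded": "7 - Accountant",
+"description": "Accountants launder the ransom."
 }
 ]
 }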
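Review bot: `"version": 1,` at the top of the hunk is left as context even though the two existing predicate values are renamed from plural to singular and five predicates are added. Any consumer that decides whether to refresh its copy by comparing the version number would presumably keep the old set, and tags already applied as `1 - Initial Access Brokers` or `2 - Ransomware Affiliates` would no longer match a predicate, so I would bump it to `"version": 2,` and state the rename in the commit message. The new description strings also carry spelling slips that analysts will see and search on: `excfiltration`, `payed`, and `persistance` in the extended Affiliate text. The object's opening lines are outside the hunk, so the namespace and any other top-level fields could not be checked.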