First Observed: Summer 2021 [1]
Threat Actors:
Platforms: Windows and Linux (ESXi) [2]
Extensions: .v-society.XXX-XXX-XXX [3]
Ransomware Notes: !!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT [1]
Services it Disables: Not automated, but operators have been observed disabling PowerShell logging and bypassing AMSI protection for PowerShell [4]
Other Observables: Modify System Process, Registry Run Keys/Startup Folder, DLL Side-Loading, Scheduled Task/Job [2]
Automatically Gains Access: No (operators typically gain access through compromised credentials by exploiting internet-facing applications) [2]
Automatically Escalates Privileges: Yes (through PrintNightmare vulnerability) [1]
Requires Human Interaction: Yes [2]
Automatic Exfiltration: No. Operators have been seen exfiltrating sensitive information over SMB (TCP/445) directly from a compromised domain controller [4]
Automatic Propagation: No. Can deliver payloads to a shared location [4]

Please note, this page was last updated at 2023-03-14 20:21.