
crocodyli/ThreatActors-TTPs

THREAT ACTORS AND RANSOMWARES - TTPs

This repository was created with the aim of assisting companies and independent researchers in studying the Tactics, Techniques, and Procedures (TTPs), based on the MITRE ATT&CK framework, adopted by active or inactive Ransomware operators/groups and other Threat Actors.

This content includes TTP mapping, the history of activities, and the record of exploited CVEs (Common Vulnerabilities and Exposures). Furthermore, I am including data on commands, tools, and useful locations for researching artifacts in the DFIR/CTI field.

The primary focus is to offer a summary of each actor's trajectory, providing essential information that can be utilized by security organizations and individual researchers.

COLLABORATION AND DATA SHARING

This project relies on contributions from various researchers in the community. The data collected here is also intended to serve as a resource for other security projects, such as RANSOMWARE.LIVE (accessible at: https://www.ransomware.live/), fostering a wider collaboration ecosystem.


REPOSITORY STRUCTURE

| FOLDER | DESCRIPTION |
| --- | --- |
| Actor's Name | Detailed profile containing: TTPs (MITRE ATT&CK), History/Trajectory of the group, and a list of exploited CVEs (where applicable). |
| Commands | Folder for commands captured during DFIR and CTI activities involving Threat Actors, Ransomware groups, and affiliates. |
| Payload locations | Folder listing locations commonly used for the execution of ransomware and other threats. |

The goal is to map all possible strategies adopted by Ransomware operators, and contributions are highly welcome!

About

Repository created to share information about tactics, techniques and procedures used by threat actors. It started with ransomware groups and is evolving to cover other types of threats.
