Impact
The adversary is trying to manipulate, interrupt, or destroy your systems and data. https://attack.mitre.org/tactics/TA0040/
Remove Volume Shadow Copies
This TTP is associated with the BlackByte threat actor, which executes the above as base64.
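For detection, a base64-wrapped command has to be decoded before keyword matching will see it. The sketch below is an added example, not code from this page or from any cited project: it decodes PowerShell `-EncodedCommand` arguments (base64 over UTF-16LE) found in process-creation command lines and checks them for shadow copy removal. The indicator patterns, function names and sample command lines are assumptions constructed for illustration.

```python
import base64
import re

# Assumed indicator patterns for shadow copy removal (not taken from the page).
SHADOW_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*delete", re.I | re.S),
]
# PowerShell accepts abbreviations of -EncodedCommand: -e, -en, -enc, ..., and -ec.
ENC_FLAG = re.compile(r"\s-(?:ec|e(?:n(?:c\w*)?)?)\s+([A-Za-z0-9+/=]{16,})", re.I)

def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload (UTF-16LE), or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    blob = m.group(1)
    blob += "=" * (-len(blob) % 4)  # tolerate stripped padding
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def is_shadow_copy_removal(cmdline):
    """Check the raw command line and, if present, its decoded payload."""
    decoded = decode_encoded_command(cmdline) or ""
    return any(p.search(t) for t in (cmdline, decoded) for p in SHADOW_PATTERNS)

def _enc(script):
    """Build a constructed sample the way PowerShell expects it encoded."""
    return base64.b64encode(script.encode("utf-16-le")).decode()

# Constructed command lines, as they would appear in process-creation logs.
SAMPLES = [
    "powershell.exe -NoP -enc "
    + _enc("Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"),
    "powershell.exe -ExecutionPolicy Bypass -EncodedCommand "
    + _enc("Get-ChildItem C:\\Temp"),
    "vssadmin.exe delete shadows /all /quiet",
    "vssadmin.exe list shadows",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(is_shadow_copy_removal(s), s[:60])
```
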
PowerShell Encryption Routine
A trivial example of encrypting files recursively with a random integer as the key:
https://github.com/burmat/burmatscripts/blob/master/powershell/AES-Locker.ps1