high_confidence
C0018
[C0018](https://attack.mitre.org/campaigns/C0018) was a month-long ransomware intrusion that successfully deployed [AvosLocker](https://attack.mitre.org/software/S1053) onto a compromised network. The unidentified actors gained initial access to the victim network through an exposed server and used a variety of open-source tools prior to executing [AvosLocker](https://attack.mitre.org/software/S1053). (Citation: Costa AvosLocker May 2022) (Citation: Cisco Talos Avos Jun 2022)
Start date
1 February 2022
End date
1 March 2022
Techniques
19
Attributed actors
Techniques (19)
command-and-control (4)
T1219.002 Remote Desktop Software
T1105 Ingress Tool Transfer
T1071.001 Web Protocols
T1571 Non-Standard Port
discovery (3)
T1046 Network Service Discovery
T1033 System Owner/User Discovery
T1016 System Network Configuration Discovery
execution (3)
T1047 Windows Management Instrumentation
T1059.001 PowerShell
T1072 Software Deployment Tools
impact (1)
T1486 Data Encrypted for Impact
initial-access (1)
T1190 Exploit Public-Facing Application
lateral-movement (3)
T1021.001 Remote Desktop Protocol
T1570 Lateral Tool Transfer
T1072 Software Deployment Tools
resource-development (1)
T1588.002 Tool
stealth (4)
T1036.005 Match Legitimate Resource Name or Location
T1027.010 Command Obfuscation
T1036 Masquerading
T1218.011 Rundll32
Indicators of compromise
No IOCs linked to this campaign yet.