SOC Incident Toolkit
Medusa Ransomware Won't Stop


Tags: Medusa, Ransomware, win.medusa, medusalocker, BAT, Powershell

The Medusa ransomware operation became active in June 2021, according to Bleeping Computer, but only gained significant momentum in 2023, when it began targeting corporate victims worldwide with multimillion-dollar ransom demands. As part of that rise, the gang increased its leverage over victims by launching a "Medusa Blog": a leak site that draws media attention by publishing data stolen from victims who refuse to pay the ransom.

Indicators of Compromise

Domains (31)

medusa-stealer.cc
anydeskupdates.com
winserverupdates.com
updateservicecenter.com
windowservicecemter.com
netviewremote.com
windowcsupdates.com
anydeskupdate.com
windowservicecenter.com
socket.afber6vjyb.com
study.abroad.ge
windowservicecentar.com
upd488.windowservicecemter.com
info.openjdklab.xyz
espet.se
medusacegu2ufmc3kx2kkqicrlcxdettsjcenhjena6uannk5f4ffuyd.onion
lockbitks2tvnmwk.onion
qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion
gvlay6u4g53rxdi5.onion
+11 more

Hashes (463)


IPv4 (49)

45.145.167.1175.188.206.14193.27.228.247196.240.57.20198.50.233.202
185.220.101.146
45.135.232.93
185.215.113.39
92.53.90.84
87.251.75.71
194.26.29.13179.60.150.97
194.5.220.124
50.80.219.149
194.61.55.94
139.180.184.147
93.190.139.223
174.138.62.35
108.11.30.103
185.220.100.249
+29 more

CVEs (6)

CVE-2023-27350
CVE-2023-27351
CVE-2022-2295
CVE-2022-21999
CVE-2022-2294
CVE-2018-13379
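As an added example (not part of the original toolkit entry), the following Python script checks DNS, proxy and firewall log lines against the domain and IPv4 indicators listed above. Only indicators whose boundaries are unambiguous in the lists are included; the log lines and the internal 10.20.30.0/24 client addresses are constructed for the demonstration and do not come from any real incident.

```python
"""Added example for this page (not part of the original toolkit entry):
match the domain and IPv4 indicators listed above against log lines.
Indicator values are copied from the lists above; only entries whose
boundaries are unambiguous in the page text are included. The log lines
are constructed for the demonstration, not taken from a real incident."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Domains from the "Domains (31)" list above.
MEDUSA_DOMAINS = {
    "medusa-stealer.cc", "anydeskupdates.com", "winserverupdates.com",
    "updateservicecenter.com", "windowservicecemter.com", "netviewremote.com",
    "windowcsupdates.com", "anydeskupdate.com", "windowservicecenter.com",
    "study.abroad.ge", "windowservicecentar.com",
    "upd488.windowservicecemter.com", "info.openjdklab.xyz", "espet.se",
    "medusacegu2ufmc3kx2kkqicrlcxdettsjcenhjena6uannk5f4ffuyd.onion",
    "lockbitks2tvnmwk.onion",
    "qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion",
    "gvlay6u4g53rxdi5.onion",
}

# IPv4 addresses from the "IPv4 (49)" list above.
MEDUSA_IPS = {ipaddress.ip_address(a) for a in (
    "185.220.101.146", "45.135.232.93", "185.215.113.39", "92.53.90.84",
    "87.251.75.71", "194.5.220.124", "50.80.219.149", "194.61.55.94",
    "139.180.184.147", "93.190.139.223", "174.138.62.35", "108.11.30.103",
    "185.220.100.249",
)}

# Loose token extractors; exact validation happens after extraction.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str        # "domain" or "ip"
    indicator: str   # the list entry that matched
    line: str


def normalize_host(host: str) -> str:
    """Lower-case and drop the trailing dot that DNS logs often append."""
    return host.lower().rstrip(".")


def domain_matches(host: str) -> Optional[str]:
    """Return the indicator if host equals it or is a subdomain of it.

    Walking up the label chain means 'cdn.anydeskupdates.com' hits
    'anydeskupdates.com', while 'notanydeskupdates.com' does not:
    suffix matching on whole labels, not on substrings.
    """
    labels = normalize_host(host).split(".")
    for i in range(len(labels) - 1):          # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in MEDUSA_DOMAINS:
            return candidate
    return None


def scan_lines(lines) -> List[Hit]:
    """Return one Hit per (line, indicator) pair found in the log lines."""
    hits: List[Hit] = []
    for n, line in enumerate(lines, start=1):
        seen = set()
        for host in HOST_RE.findall(line):
            ind = domain_matches(host)
            if ind and ("domain", ind) not in seen:
                seen.add(("domain", ind))
                hits.append(Hit(n, "domain", ind, line))
        for text in IPV4_RE.findall(line):
            try:
                ip = ipaddress.ip_address(text)   # rejects e.g. 999.1.1.1
            except ValueError:
                continue
            if ip in MEDUSA_IPS and ("ip", text) not in seen:
                seen.add(("ip", text))
                hits.append(Hit(n, "ip", text, line))
    return hits


# Constructed sample lines (DNS, proxy, firewall); the 10.20.30.0/24
# clients are fictitious.
SAMPLE_LOG = [
    "2024-03-04T09:12:01Z dns client=10.20.30.41 query=A name=upd488.windowservicecemter.com. rcode=NOERROR",
    "2024-03-04T09:12:02Z proxy src=10.20.30.41 dst=185.220.101.146:443 host=cdn.anydeskupdates.com method=CONNECT",
    "2024-03-04T09:12:03Z dns client=10.20.30.42 query=A name=notanydeskupdates.com. rcode=NXDOMAIN",
    "2024-03-04T09:12:04Z proxy src=10.20.30.43 dst=93.184.216.34:443 host=www.example.com method=GET",
    "2024-03-04T09:12:05Z firewall action=allow src=10.20.30.44 dst=45.135.232.93 dport=3389",
]

if __name__ == "__main__":
    for h in scan_lines(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.kind} indicator {h.indicator}")
```

Two design points matter when this is run against real logs: domain hits are decided on whole DNS labels (so a look-alike such as notanydeskupdates.com does not trigger on the anydeskupdates.com entry), and IPv4 tokens are validated with `ipaddress` before lookup so malformed strings in free-text fields never raise. To use the full indicator set, extend the two constants with the remaining entries from the page once their boundaries are confirmed, then pass the lines of a DNS, proxy or firewall export to `scan_lines`.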

Notes

<div><b>CONCLUSIONS</b></div><div>Ransomware in all its forms and variants poses a significant threat to both private users and companies. This makes it all the more important to keep an eye on the threat it poses and to be prepared for all eventualities. It is therefore essential to learn about ransomware, to be conscious of how you use your devices, and to install the best security software available.</div>

Mitigation

<span id="docs-internal-guid-c543388e-7fff-8d99-6b42-7ec1145fa193"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">MITIGATIONS</span></p><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Implement a recovery plan that maintains and retains multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (i.e., hard drive, storage device, or the cloud).</span></p><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Implement network segmentation and maintain offline backups of data to ensure limited interruption to the organization.</span></p><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Regularly back up data and password protect backup copies stored offline. 
Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.</span></p><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Install, regularly update, and enable real time detection for antivirus software on all hosts.</span></p><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Install updates for operating systems, software, and firmware as soon as possible.</span></p><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Review domain controllers, servers, workstations, and active directories for new and/or unrecognized accounts.</span></p><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Audit user accounts with administrative privileges and configure access controls according to the principle of least privilege.&nbsp;</span></p><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; vertical-align: baseline;">Disable unused ports.</span></p><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Consider adding an email banner to emails received from outside your organization.</span></p><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Disable hyperlinks in received emails.</span></p><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Enforce Multi Factor Authentication (MFA).</span></p><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Use National Institute of Standards and Technology (NIST) standards for developing and managing password policies:</span></p><br><ul style="margin-top:0;margin-bottom:0;"><li style="list-style-type: disc; font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline; white-space: pre;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;" role="presentation"><span style="color: rgb(29, 28, 
29); font-family: Slack-Lato, Slack-Fractions, appleLogo, sans-serif; font-size: 15px; font-variant-ligatures: common-ligatures; white-space: normal; background-color: rgb(248, 248, 248);">For optimal security, it is recommended to incorporate a combination of uppercase and lowercase letters, numbers, and special characters into your passwords, while ensuring they are between 8 and 64 characters in length.</span><br></p></li><li style="list-style-type: disc; font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline; white-space: pre;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;" role="presentation"><span style="font-size: 11pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Store passwords in hashed format using industry-recognized password managers.</span></p></li><li style="list-style-type: disc; font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline; white-space: pre;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;" role="presentation"><span style="font-size: 11pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Add password user “salts” to shared login credentials.</span></p></li><li style="list-style-type: disc; font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline; white-space: pre;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;" 
role="presentation"><span style="font-size: 11pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Avoid reusing passwords.</span></p></li><li style="list-style-type: disc; font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline; white-space: pre;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;" role="presentation"><span style="font-size: 11pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Implement multiple failed login attempt account lockouts.</span></p></li><li style="list-style-type: disc; font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline; white-space: pre;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;" role="presentation"><span style="font-size: 11pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Disable password “hints”.</span></p></li><li style="list-style-type: disc; font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline; white-space: pre;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;" role="presentation"><span style="font-size: 11pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Refrain from requiring password changes unless 
there is evidence of password compromise.&nbsp;</span></p></li></ul><br><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Note: NIST guidance suggests favoring longer passwords and no longer requiring regular and frequent password resets. Frequent password resets are more likely to result in users developing password “patterns” cyber criminals can easily decipher.</span></p><br><ul style="margin-top:0;margin-bottom:0;"><li style="list-style-type: disc; font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline; white-space: pre;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;" role="presentation"><span style="font-size: 11pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Require administrator credentials to install software.</span></p></li><li style="list-style-type: disc; font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline; white-space: pre;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;" role="presentation"><span style="font-size: 11pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Only use secure networks; avoid using public Wi-Fi networks.</span></p></li><li style="list-style-type: disc; font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; 
font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline; white-space: pre;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;" role="presentation"><span style="font-size: 11pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Consider installing and using a Virtual Private Network (VPN) to establish secure remote connections.</span></p></li><li style="list-style-type: disc; font-size: 11pt; font-family: Arial; color: rgb(0, 0, 0); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline; white-space: pre;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;" role="presentation"><span style="font-size: 11pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Focus on cybersecurity awareness and training. 
Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities, such as ransomware and phishing scams.</span></p></li></ul><div><span id="docs-internal-guid-91634ca8-7fff-d4a2-279d-499d4002ad15"><h3 style="line-height: 1.44; margin-top: 13pt; margin-bottom: 0pt;"><span style="font-size: 13pt; font-family: Roboto, sans-serif; color: rgb(27, 27, 27); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">MITRE ATT&amp;CK Techniques</span></h3><p style="line-height: 2.1; margin-top: 0pt; margin-bottom: 0pt; padding: 14pt 0pt 12pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">MedusaLocker actors use the ATT&amp;CK techniques listed in Table 1.</span></p><p style="line-height: 2.1; margin-top: 0pt; margin-bottom: 12pt; padding: 2pt 0pt 0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Table 1: MedusaLocker Actors ATT&amp;CK Techniques for Enterprise</span></p><div style="margin-left:0pt;" align="left"><table style="border:none;border-collapse:collapse;"><colgroup><col><col><col></colgroup><tbody><tr style="height:29.25pt;"><td style="border-left:solid #1b1b1b 0.75pt;border-right:solid #1b1b1b 0.75pt;border-bottom:solid #1b1b1b 0.75pt;border-top:solid #1b1b1b 0.75pt;vertical-align:middle;background-color:#005288;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.68;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Roboto, sans-serif; 
color: rgb(255, 255, 255); background-color: transparent; font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; text-decoration-line: underline; vertical-align: baseline;">Initial Access</span></p></td><td style="border-left:solid #1b1b1b 0.75pt;border-bottom:solid #f5fafc 0.75pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-bottom:solid #f5fafc 0.75pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><br></td></tr><tr style="height:30.75pt;"><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #1b1b1b 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Technique Title</span></p></td><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">ID</span></p></td><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 
8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Use</span></p></td></tr><tr style="height:66.75pt;"><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(245, 250, 252); vertical-align: middle; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">External Remote Services</span></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(245, 250, 252); vertical-align: middle; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">T1133</span></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(245, 250, 252); vertical-align: middle; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">MedusaLocker actors gained access to victim devices through vulnerable RDP 
configurations.</span></p></td></tr><tr style="height:66.75pt;"><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Phishing</span></p></td><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">T1566</span></p></td><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">MedusaLocker actors used phishing and spearphishing to obtain access to victims' networks.</span></p></td></tr><tr style="height:30.75pt;"><td style="border-width: 0.75pt; border-style: solid; 
border-color: rgb(245, 250, 252); vertical-align: middle; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; text-decoration-line: underline; vertical-align: baseline;">Execution</span></p></td><td style="border-left:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><br></td></tr><tr style="height:30.75pt;"><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Technique Title</span></p></td><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; 
font-variant-alternates: normal; vertical-align: baseline;">ID</span></p></td><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Use</span></p></td></tr><tr style="height:84.75pt;"><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(245, 250, 252); vertical-align: middle; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Command and Scripting Interpreter: PowerShell</span></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(245, 250, 252); vertical-align: middle; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:2.1;margin-top:0pt;margin-bottom:12pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">T1059.001</span></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(245, 250, 252); vertical-align: middle; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span 
style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">MedusaLocker actors may abuse PowerShell commands and scripts for execution.</span></p></td></tr><tr style="height:30.75pt;"><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; text-decoration-line: underline; vertical-align: baseline;">Defense Evasion</span></p></td><td style="border-left:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><br></td></tr><tr style="height:30.75pt;"><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(245, 250, 252); vertical-align: middle; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Technique Title</span></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(245, 250, 252); 
vertical-align: middle; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">ID</span></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(245, 250, 252); vertical-align: middle; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Use</span></p></td></tr><tr style="height:102.75pt;"><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Impair Defenses: Safe Mode Boot</span></p></td><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:2.1;margin-top:0pt;margin-bottom:12pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; 
font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">T1562.009</span></p></td><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">MedusaLocker actors may abuse Windows safe mode to disable endpoint defenses. Safe mode starts up the Windows operating system with a limited set of drivers and services.</span></p></td></tr><tr style="height:30.75pt;"><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(245, 250, 252); vertical-align: middle; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; text-decoration-line: underline; vertical-align: baseline;">Impact</span></p></td><td style="border-left:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><br></td><td style="border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:top;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><br></td></tr><tr style="height:30.75pt;"><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 
0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Technique Title</span></p></td><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">ID</span></p></td><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Use</span></p></td></tr><tr style="height:84.75pt;"><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(245, 250, 252); vertical-align: middle; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: 
rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Data Encrypted for Impact</span></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(245, 250, 252); vertical-align: middle; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">T1486</span></p></td><td style="border-width: 0.75pt; border-style: solid; border-color: rgb(245, 250, 252); vertical-align: middle; padding: 6pt 8pt; overflow: hidden; overflow-wrap: break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">MedusaLocker actors encrypt data on individual target systems or across large numbers of systems in a network to deny availability of system and network resources until the ransom is paid.</span></p></td></tr><tr style="height:102.75pt;"><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">Inhibit System Recovery</span></p></td><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">T1490</span></p></td><td style="border-left:solid #f5fafc 0.75pt;border-right:solid #f5fafc 0.75pt;border-bottom:solid #f5fafc 0.75pt;border-top:solid #f5fafc 0.75pt;vertical-align:middle;background-color:#f5fafc;padding:6pt 8pt 6pt 8pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.7999999999999998;margin-top:0pt;margin-bottom:0pt;"><span style="font-size: 11pt; font-family: Arial; color: rgb(27, 27, 27); background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; vertical-align: baseline;">MedusaLocker actors may delete or disable built-in operating system features that help recover a corrupted system, such as the Windows Backup catalog, Volume Shadow Copies, and automatic repair. With these gone, a victim cannot roll back encrypted files locally and must rely on offline backups.</span></p></td></tr></tbody></table></div></span></div></span>
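<p>The safe-mode and recovery-inhibition rows above describe techniques that surface as a handful of distinctive command lines in process-creation telemetry. The following Python is an added detection example for this page, not MedusaLocker code or analysis from the original: it maps process-creation records to T1562.009 and T1490 and escalates hosts where several such commands cluster in a short window. The command patterns are the generic procedures MITRE ATT&amp;CK documents for these two techniques (bcdedit safeboot, SafeBoot service registration, vssadmin/wmic shadow deletion, wbadmin catalog deletion, bcdedit recoveryenabled), not commands this page attributes to MedusaLocker; the hostnames, timestamps and event records are constructed, and the rule names are the example's own.</p>

```python
"""Map Windows process-creation events to ATT&CK T1562.009 and T1490.

Added example for this page; not MedusaLocker code or analysis. The command
patterns are the generic procedures ATT&CK documents for these techniques,
not observations from this page. All records below are constructed.
"""
import re
from datetime import datetime, timedelta

# Constructed sample records, reduced to the fields a Sysmon Event ID 1 or
# Security 4688 event would provide. Not real telemetry.
SAMPLE_EVENTS = [
    {"ts": "2024-01-10T02:14:05", "host": "ws01",
     "cmdline": "bcdedit /set {default} safeboot network"},
    {"ts": "2024-01-10T02:14:09", "host": "ws01",
     "cmdline": 'reg add "HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Network\\updsvc" /ve /t REG_SZ /d Service /f'},
    {"ts": "2024-01-10T02:20:41", "host": "fs02",
     "cmdline": "vssadmin delete shadows /all /quiet"},
    {"ts": "2024-01-10T02:20:43", "host": "fs02",
     "cmdline": "wmic shadowcopy delete"},
    {"ts": "2024-01-10T02:20:45", "host": "fs02",
     "cmdline": "wbadmin delete catalog -quiet"},
    {"ts": "2024-01-10T02:20:47", "host": "fs02",
     "cmdline": "bcdedit /set {default} recoveryenabled No"},
    {"ts": "2024-01-10T09:02:00", "host": "ws03",
     "cmdline": "vssadmin list shadows"},   # routine admin use, benign
    {"ts": "2024-01-10T09:02:30", "host": "ws03",
     "cmdline": "bcdedit /enum"},            # benign
]

# (rule id, ATT&CK technique, pattern). Matched case-insensitively against the
# whitespace-collapsed command line. Rule ids are this example's own names.
RULES = [
    ("bcdedit_safeboot", "T1562.009",
     re.compile(r"\bbcdedit\b.*\bsafeboot\b", re.I)),
    ("safeboot_service_registration", "T1562.009",
     re.compile(r"\breg\b.*\badd\b.*\\SafeBoot\\(Minimal|Network)\\", re.I)),
    ("vssadmin_delete_shadows", "T1490",
     re.compile(r"\bvssadmin\b.*\bdelete\s+shadows\b", re.I)),
    ("wmic_shadowcopy_delete", "T1490",
     re.compile(r"\bwmic\b.*\bshadowcopy\s+delete\b", re.I)),
    ("wbadmin_delete_catalog", "T1490",
     re.compile(r"\bwbadmin\b.*\bdelete\s+(catalog|systemstatebackup)\b", re.I)),
    ("bcdedit_disable_recovery", "T1490",
     re.compile(r"\bbcdedit\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
]


def normalize(cmdline):
    """Collapse runs of whitespace so padding between tokens does not evade matches."""
    return " ".join(cmdline.split())


def match_events(events):
    """Return one hit per (event, rule) pair that fires, tagged with the technique."""
    hits = []
    for ev in events:
        cmd = normalize(ev["cmdline"])
        for rule_id, technique, rx in RULES:
            if rx.search(cmd):
                hits.append({"ts": datetime.fromisoformat(ev["ts"]), "host": ev["host"],
                             "rule": rule_id, "technique": technique, "cmdline": cmd})
    return hits


def escalate(hits, window=timedelta(minutes=15)):
    """Hosts on which two or more distinct rules fired within `window`.

    One shadow-copy deletion can be an admin at work; several defense- or
    recovery-impairing commands in quick succession is the pattern to page on.
    """
    by_host = {}
    for h in hits:
        by_host.setdefault(h["host"], []).append(h)
    flagged = {}
    for host, hs in by_host.items():
        hs.sort(key=lambda h: h["ts"])
        for i, first in enumerate(hs):
            in_window = [h for h in hs[i:] if h["ts"] - first["ts"] <= window]
            rules = {h["rule"] for h in in_window}
            if len(rules) >= 2:
                flagged[host] = {"techniques": sorted({h["technique"] for h in in_window}),
                                 "rules": sorted(rules)}
                break
    return flagged


if __name__ == "__main__":
    hits = match_events(SAMPLE_EVENTS)
    for h in hits:
        print(f"{h['ts'].isoformat()} {h['host']:5} {h['technique']:10} {h['rule']:30} {h['cmdline']}")
    for host, info in escalate(hits).items():
        print(f"ESCALATE {host}: {info['techniques']} via {info['rules']}")
```

Run it directly to print the hits and escalations for the constructed events; in practice the input is normalized Sysmon Event ID 1 or Security 4688 records and the window is tuned to the environment. The benign <code>vssadmin list shadows</code> and <code>bcdedit /enum</code> lines are included deliberately: the rules key on the destructive verbs and arguments, not on the binary name alone, so routine administration does not fire them.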