Commit

Merge pull request #30 from sudesh0sudesh/main
SafePay Ransomware Group
BushidoUK authored Dec 11, 2024
2 parents bbe7c4d + e11473c commit 5738164
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions GroupProfiles/SafePay.md
@@ -0,0 +1,15 @@
# SafePay's Tools

| Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration |
|---|---|---|---|---|---|---|---|
| Invoke-ShareFinder | Microsoft RDP | | | | | Regsvr32.exe | FileZilla |
| | | | | | | CMSTPLUA | 7zip |
| | | | | | | dllhost.exe | WinRAR |

> [!NOTE]
> This is the list of tools that have been observed during various intrusions that lead to SafePay ransomware deployment.
#### Sources
| Date Published | Report |
|---|---|
| 24 November 2024 | [It's Not Safe to Pay SafePay](https://www.huntress.com/blog/its-not-safe-to-pay-safepay) |
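
Review bot: In the LOLBAS column, `CMSTPLUA` sits beside `Regsvr32.exe` and `dllhost.exe` but is not written as a binary name. If it refers to the CMSTPLUA COM interface rather than an executable, label it that way in the cell so defenders do not go hunting for a file of that name. Separately, four columns (Defense Evasion, Credential Theft, OffSec, Networking) are empty in every row; either confirm that nothing was observed for them or drop them from this profile. The `> [!NOTE]` block also runs straight into `#### Sources` with no blank line, and the heading level jumps from `#` to `####`; add a blank line before the heading and consider `##`. In the note text, "that lead to" should probably read "that led to".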
