Merge pull request #28 from reevesrs24/docs/interlock-ransomware-azcopy

Update Exfiltration.md
BushidoUK · Nov 9, 2024 · bbe7c4d · bbe7c4d
2 parents cbe27b7 + abeea8c
commit bbe7c4d
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 1 deletion.
diff --git a/ThreatIntel/ExtraThreatIntel.md b/ThreatIntel/ExtraThreatIntel.md
@@ -5,6 +5,7 @@
 
 | Date Published | Ransomware/Extortionist | Report |
 |---|---|---|
+| 7 November 2024 | Interlock | https://blog.talosintelligence.com/emerging-interlock-ransomware/ |
 | 23 October 2024 | Embargo | https://www.welivesecurity.com/en/eset-research/embargo-ransomware-rocknrust/ |
 | 3 October 2024 | Medusa Locker | https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022 |
 | 26 September 2024 | Storm-0501* (Sabbath/54bb47h, Hive, BlackCat, Hunters International, LockBit, Embargo) | https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/ |

diff --git a/Tools/AllTools.csv b/Tools/AllTools.csv
@@ -26,7 +26,7 @@ RustScan,RemotePC,,NirSoft SniffPass,SharpSploit,,,Transfert-my-files
 RVTools,RemoteUtilities,,NirSoft VNCPassView,Sliver,,,Transfer[.]sh
 S3 Browser,RPort,,NirSoft WebBrowserPassView,TinyMet,,,UFile
 Seatbelt,RSAT,,NirSoft WirelessKeyView,ThunderShell,,,WinSCP
-ServiceControl (sc.exe),RustDesk,,PasswordFox,WinPEAS,,,
+ServiceControl (sc.exe),RustDesk,,PasswordFox,WinPEAS,,,AZCopy
 SharpHound,ScreenConnect,,ProcDump,,,,
 ShareFinder,SimpleHelp,,RDP Recognizer,,,,
 SharpShares,Sorillus,,Router Scan,,,,

diff --git a/Tools/Exfiltration.md b/Tools/Exfiltration.md
@@ -9,6 +9,7 @@
 | Tool Name | Threat Group Usage |
 |---|---|
 | Anonfiles | Avaddon, LockBit |
+| AZCopy | Interlock |
 | Bashupload | DarkSide |
 | Catbox[.]moe | *Br0k3r |
 | Cyberduck | Scattered Spider* |