This repository was created with the aim of assisting companies and independent researchers about Tactics, Techniques and Procedures adopted by Ransomware Operators/Groups active or not and also threat actors that are operating in society.
In addition to mapping Tactics, Techniques and Procedures, I am inserting data on commands, tools, useful locations for researching artifacts and others.
The main focus is to assist organizations and individual researchers on each type of actor, providing a summary of their trajectory and additional information that can be used.
| FOLDER | DESCRIPTION |
|---|---|
| Actor's Name | Description of activities, operation details, TTPs and Tools used |
| Commands | Repository intended to insert commands captured based on DFIR and CTI activities of Threat Actors, Ransomware groups and affiliates |
| Payload locations | Repository designed to inform locations commonly used to execute ransomware and other threats |
Questions: https://twitter.com/crocodylii
The aim is to map all possible strategies adopted by Ransomware operators and contributions are welcome!
