S0639 Seth-Locker
Seth-Locker is a ransomware with some remote control capabilities that has been in use since at least 2021. 1
| Item | Value |
|---|---|
| ID | S0639 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 13 August 2021 |
| Last Modified | 13 October 2021 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1059 | Command and Scripting Interpreter | - |
| enterprise | T1059.003 | Windows Command Shell | Seth-Locker can execute commands via the command line shell.1 |
| enterprise | T1486 | Data Encrypted for Impact | Seth-Locker can encrypt files on a targeted system, appending them with the suffix .seth.1 |
| enterprise | T1105 | Ingress Tool Transfer | Seth-Locker has the ability to download and execute files on a compromised host.1 |