cti-ATT-CK-v13.1/enterprise-attack/malware/malware--00e7d565-9883-4ee5-b642-8fd17fd6a3f5.json

{
    "type": "bundle",
    "id": "bundle--4e399473-3c95-4843-96cc-0a9e7e44c333",
    "spec_version": "2.0",
    "objects": [
        {
            "modified": "2023-03-08T22:04:48.834Z",
            "name": "EKANS",
            "description": "[EKANS](https://attack.mitre.org/software/S0605) is ransomware variant written in Golang that first appeared in mid-December 2019 and has been used against multiple sectors, including energy, healthcare, and automotive manufacturing, which in some cases resulted in significant operational disruptions. [EKANS](https://attack.mitre.org/software/S0605) has used a hard-coded kill-list of processes, including some associated with common ICS software platforms (e.g., GE Proficy, Honeywell HMIWeb, etc), similar to those defined in [MegaCortex](https://attack.mitre.org/software/S0576).(Citation: Dragos EKANS)(Citation: Palo Alto Unit 42 EKANS)",
            "x_mitre_platforms": [
                "Windows"
            ],
            "x_mitre_deprecated": false,
            "x_mitre_domains": [
                "enterprise-attack",
                "ics-attack"
            ],
            "x_mitre_version": "2.0",
            "x_mitre_aliases": [
                "EKANS",
                "SNAKEHOSE"
            ],
            "type": "malware",
            "id": "malware--00e7d565-9883-4ee5-b642-8fd17fd6a3f5",
            "created": "2021-02-12T20:07:42.883Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/software/S0605",
                    "external_id": "S0605"
                },
                {
                    "source_name": "EKANS",
                    "description": "(Citation: Dragos EKANS)(Citation: Palo Alto Unit 42 EKANS)(Citation: FireEye Ransomware Feb 2020)"
                },
                {
                    "source_name": "SNAKEHOSE",
                    "description": "(Citation: FireEye Ransomware Feb 2020)"
                },
                {
                    "source_name": "Dragos EKANS",
                    "description": "Dragos. (2020, February 3). EKANS Ransomware and ICS Operations. Retrieved February 9, 2021.",
                    "url": "https://www.dragos.com/blog/industry-news/ekans-ransomware-and-ics-operations/"
                },
                {
                    "source_name": "Palo Alto Unit 42 EKANS",
                    "description": "Hinchliffe, A. Santos, D. (2020, June 26). Threat Assessment: EKANS Ransomware. Retrieved February 9, 2021.",
                    "url": "https://unit42.paloaltonetworks.com/threat-assessment-ekans-ransomware/"
                },
                {
                    "source_name": "FireEye Ransomware Feb 2020",
                    "description": "Zafra, D., et al. (2020, February 24). Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT. Retrieved March 2, 2021.",
                    "url": "https://www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disrupt-industrial-production.html"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "labels": [
                "malware"
            ],
            "x_mitre_attack_spec_version": "3.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}