S0605Windows

S0605EKANS

Platforms
1
ATT&CK
14.1
References
4

Description

[EKANS](https://attack.mitre.org/software/S0605) is ransomware variant written in Golang that first appeared in mid-December 2019 and has been used against multiple sectors, including energy, healthcare, and automotive manufacturing, which in some cases resulted in significant operational disruptions. [EKANS](https://attack.mitre.org/software/S0605) has used a hard-coded kill-list of processes, including some associated with common ICS software platforms (e.g., GE Proficy, Honeywell HMIWeb, etc), similar to those defined in [MegaCortex](https://attack.mitre.org/software/S0576).(Citation: Dragos EKANS)(Citation: Palo Alto Unit 42 EKANS)

Platforms· 1

Windows

References

  1. https://attack.mitre.org/software/S0605
  2. https://www.dragos.com/blog/industry-news/ekans-ransomware-and-ics-operations/
  3. https://unit42.paloaltonetworks.com/threat-assessment-ekans-ransomware/
  4. https://www.fireeye.com/blog/threat-research/2020/02/ransomware-against-machine-learning-to-disrupt-industrial-production.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
FIVEHANDS
Software
Egregor
Software
Snake-Ekans
Software
DEATHRANSOM
Software
MegaCortex
Software
Ensiko
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.