S(C)wipe

The purpose of this chain is to deliver a ransomware attack (for Linux) without using a traditional encryption method, which makes it harder to detect and demonstrates an alternative method that targets a potential “blind spot” in current defenses.

This chain includes the following resources:

TTPs
  • Non-encryption ransomware
Supported platforms
  • linux
Supported executors
  • sh
Payloads
  • SCwipe
  • CSwipe
In The News
  • Timeline of a Ransomware Attack | Aon
Threat Intel
  • GitHub - goliate/hidden-tear: ransomware open-sources

Use Prelude chains to test your defense with simulated adversaries.
New chains drop weekly on #TTPtuesday

The Prelude Operator App

Run attack chains in the Prelude Operator app, available on all systems. Defend your organization by mimicking real adversarial attacks, and more.


More Chains

← Previous

Conti Recon And Initial Access

2022-01-11
Tactics
  • execution
  • initial-access
Platforms
  • windows
Stage a phishing email in the user's Documents directory, then open it. Next, stage and launch a malicious PDF in the user's Downloads directory. The malicious PDF creates a C:\Conti directory to stage and launch a Jambi agent.

Next →

S(C)wipe

2021-12-28
Tactics
  • impact
Tags
  • ransomware
  • destructive
Platforms
  • darwin
The purpose of this chain is to deliver a ransomware attack without using a traditional encryption method, which makes it harder to detect and demonstrates an alternative method that targets a potential “blind spot” in current defenses.
