S(C)wipe

The purpose of this chain is to deliver a ransomware attack without using a traditional encryption method, which makes it harder to detect for controls that key on encryption activity and exercises a potential "blind spot" in current defenses. Learn more in our release blog post.

This chain includes the following resources:

TTPs
  • Non-encryption ransomware
Supported platforms
  • darwin
Supported executors
  • sh
Payloads
  • SCwipe
  • CSwipe
In The News
  • New Mac Ransomware Is Even More Sinister Than It Appears
Threat Intel
  • OSX.EvilQuest Uncovered

Use Prelude chains to test your defense with simulated adversaries.
New chains drop weekly on #TTPtuesday.

The Prelude Operator App

Run attack chains in the Prelude Operator app, available on all systems. Defend your organization by mimicking real adversarial attacks.


Upcoming

Next Chain Drop: 2022-01-18

More Chains

Previous

S(C)wipe (2022-01-04)
Tactics: impact
Tags: ransomware, destructive
Platforms: linux
The purpose of this chain is to deliver a ransomware attack against Linux without using a traditional encryption method, which makes it harder to detect for controls that key on encryption activity and exercises a potential "blind spot" in current defenses.

Next

Windows LotL Ransomware (2021-12-21)
Tactics: discovery, collection, impact
Tags: ransomware, wizard spider
Platforms: windows
Discover the current user's home directory. Generate a random password string. Use the 7-Zip command-line tool to recursively archive the discovered folder into a password-protected archive. Drop and open a ransom note.
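The Windows LotL Ransomware sequence leaves a distinctive process trail that a defender can correlate: 7-Zip invoked with the `a` (add) command and a `-p` password switch against the user profile, followed shortly by a viewer opening a ransom note. The following is an added detection example written for this page; it is not Prelude's code and not one of the chain's payloads. It runs over constructed Sysmon-style process-creation events (not real telemetry), and the `ProcEvent` field layout, the five-minute correlation window, the set of note viewers and the ransom-note filename patterns are all assumptions. One point the card does not spell out: because this variant passes the archive password on the command line, process command-line logging captures it, which is exactly what a responder needs to recover the archived files.

```python
"""Added detection example (not Prelude's code): correlate 7-Zip password-archive
staging with a ransom-note open, the trail left by the Windows LotL Ransomware chain."""
import re
from dataclasses import dataclass
from datetime import datetime


# Event shape is an assumption: the fields a Sysmon EID 1 / 4688 forwarder would carry.
@dataclass
class ProcEvent:
    ts: str        # ISO-8601 timestamp
    user: str
    image: str     # full path of the executable
    cmdline: str


SEVEN_ZIP = re.compile(r"(?:^|[\\/])7z[ar]?\.exe$", re.I)   # 7z.exe, 7za.exe, 7zr.exe
USER_PROFILE = re.compile(r'[A-Za-z]:\\Users\\[^\\\s"]+', re.I)
NOTE_VIEWERS = {"notepad.exe", "wordpad.exe", "mshta.exe"}
# Filename patterns are an assumption; tune them to the notes your threat intel reports.
NOTE_NAME = re.compile(r"(readme|restore|recover|decrypt|how[_ -]?to|ransom)[^\\/]*\.(txt|html?|hta)\b", re.I)


def _args(cmdline):
    """Drop the program token (quoted or bare) and split the rest on whitespace."""
    rest = re.sub(r'^\s*(?:"[^"]*"|\S+)\s*', "", cmdline)
    return rest.split()


def archive_indicators(ev):
    """Return an indicator dict if ev is 7-Zip adding files to a password-protected
    archive either recursively or from a user profile directory, else None."""
    if not SEVEN_ZIP.search(ev.image):
        return None
    args = _args(ev.cmdline)
    if not args or args[0].lower() != "a":        # 'a' = add files to archive
        return None
    pw = next((a[2:] for a in args if a.startswith("-p")), None)  # -p<password>; bare -p prompts
    if pw is None:
        return None
    recursive = any(re.fullmatch(r"-r[0-]?", a) for a in args)    # -r, -r0, -r-
    paths = [a.strip('"') for a in args[1:] if not a.startswith("-")]
    profile = any(USER_PROFILE.match(p) for p in paths)
    if not (recursive or profile):
        return None
    return {"password": pw, "recursive": recursive, "user_profile_target": profile}


def ransom_note_indicator(ev):
    """Return the note filename if ev is a common viewer opening a ransom-note-like file."""
    exe = ev.image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe not in NOTE_VIEWERS:
        return None
    m = NOTE_NAME.search(ev.cmdline)
    return m.group(0) if m else None


def detect(events, window_s=300):
    """Emit one alert per suspicious archive: 'high' if the same user opens a
    ransom note within window_s seconds of it, otherwise 'medium'."""
    events = sorted(events, key=lambda e: e.ts)
    alerts = []
    for i, ev in enumerate(events):
        ind = archive_indicators(ev)
        if ind is None:
            continue
        t0 = datetime.fromisoformat(ev.ts)
        note = None
        for later in events[i + 1:]:
            if (datetime.fromisoformat(later.ts) - t0).total_seconds() > window_s:
                break
            if later.user != ev.user:
                continue
            name = ransom_note_indicator(later)
            if name:
                note = (later.ts, name)
                break
        alerts.append({"user": ev.user, "ts": ev.ts, "note": note,
                       "severity": "high" if note else "medium", **ind})
    return alerts


# Constructed sample events, not real telemetry: the chain's steps run by alice,
# then a benign password-protected backup by bob that must not alert.
SAMPLE_EVENTS = [
    ProcEvent("2021-12-21T10:00:01", r"CORP\alice", r"C:\Windows\System32\cmd.exe",
              r"cmd.exe /c echo %USERPROFILE%"),
    ProcEvent("2021-12-21T10:00:03", r"CORP\alice", r"C:\Program Files\7-Zip\7z.exe",
              r'"C:\Program Files\7-Zip\7z.exe" a -r -pQx9vT2kLm8 C:\Users\alice\locked.7z C:\Users\alice\*'),
    ProcEvent("2021-12-21T10:00:05", r"CORP\alice", r"C:\Windows\System32\notepad.exe",
              r"notepad.exe C:\Users\alice\README_RESTORE.txt"),
    ProcEvent("2021-12-21T11:30:00", r"CORP\bob", r"C:\Program Files\7-Zip\7z.exe",
              r'"C:\Program Files\7-Zip\7z.exe" a -pBackupPw C:\backups\proj.7z C:\src\proj'),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The discovery step (`echo %USERPROFILE%`) is deliberately not scored: it is too common to alert on by itself. The archive alone yields a medium alert because a recursive, password-protected archive of a user profile is also how data is staged for exfiltration; the ransom-note open within the window is what raises it to high. Bob's backup, which is password-protected but neither recursive nor aimed at a profile directory, produces nothing.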

Latest Drop

Conti Recon And Initial Access (2022-01-11)
Tactics: execution, initial-access
Platforms: windows
Stage a phishing email in the user's Documents directory, then open it. Next, stage and launch a malicious PDF in the user's Downloads directory. The malicious PDF creates a C:\Conti directory, then stages and launches a Jambi agent from it.