INC Ransom

Techniques (MITRE ATT&CK)25

SourceMITRE ATT&CK

Also known as:GOLD IONIC

Vexday analysis

O INC Ransom (também rastreado como GOLD IONIC, identificador MITRE ATT&CK G1032) é um grupo de ransomware e extorsão de dados associado à implantação do INC Ransomware, ativo desde pelo menos julho de 2023. O grupo tem como alvos organizações em todo o mundo, com maior incidência nos setores industrial, de saúde e educação, principalmente nos Estados Unidos e na Europa. São documentadas 25 técnicas no framework MITRE ATT&CK e 3 CVEs atribuídas ao grupo.

Techniques (MITRE ATT&CK) 25

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Tool

Initial access

Exploit Public-Facing Application Phishing

Execution

Windows Management Instrumentation Windows Command Shell Service Execution

Discovery

Network Service Discovery System Network Connections Discovery Domain Groups Domain Account Network Share Discovery

Lateral movement

Remote Desktop Protocol Lateral Tool Transfer

Collection

Data Staged Archive via Utility

Command and control

Application Layer Protocol Ingress Tool Transfer Remote Access Tools

Exfiltration

Transfer Data to Cloud Account

Impact

Data Encrypted for Impact Financial Theft

defense-impairment

Disable or Modify Tools

stealth

Match Legitimate Resource Name or Location File Deletion Valid Accounts

Exploited vulnerabilities 3

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2014-7169CRITICALEPSS 100%KEV CVE-2023-3519CRITICALEPSS 99%KEV CVE-2016-6662EPSS 68%

INC Ransom uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →