cybercrime
GOLD OLDFIELD
Objectives
Tools
SUMMARY
GOLD OLDFIELD are the operators of the MegaCortex ransomware, which has been used in post-intrusion attacks. The initial intrusion vector leading to GOLD OLDFIELD attacks is unknown, although it could be through existing commodity infections such as Emotet or Qakbot. Once in the environment, GOLD OLDFIELD is believed to use PowerShell, Meterpreter and Cobalt Strike for lateral movement, with the ransomware ultimately being pushed using PsExec and credentials stolen from domain controllers.