{"description": "Enterprise techniques used by Pay2Key, ATT&CK software S0556 (v1.0)", "name": "Pay2Key (S0556)", "domain": "enterprise-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1486", "comment": "[Pay2Key](https://attack.mitre.org/software/S0556) can encrypt data on victim's machines using RSA and AES algorithms in order to extort a ransom payment for decryption.(Citation: ClearkSky Fox Kitten February 2020)(Citation: Check Point Pay2Key November 2020)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1573", "showSubtechniques": true}, {"techniqueID": "T1573.002", "comment": "[Pay2Key](https://attack.mitre.org/software/S0556) has used RSA encrypted communications with C2.(Citation: Check Point Pay2Key November 2020)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1070", "showSubtechniques": true}, {"techniqueID": "T1070.004", "comment": "[Pay2Key](https://attack.mitre.org/software/S0556) can remove its log file from disk.(Citation: Check Point Pay2Key November 2020)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1095", "comment": "[Pay2Key](https://attack.mitre.org/software/S0556) has sent its public key to the C2 server over TCP.(Citation: Check Point Pay2Key November 2020)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1090", "showSubtechniques": true}, {"techniqueID": "T1090.001", "comment": "[Pay2Key](https://attack.mitre.org/software/S0556) has designated machines in the compromised network to serve as reverse proxy pivot points to channel communications with C2.(Citation: ClearkSky Fox Kitten February 2020)(Citation: Check Point Pay2Key November 2020)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1489", "comment": "[Pay2Key](https://attack.mitre.org/software/S0556) can stop the MS SQL service at the end of the encryption process to release files locked by the service.(Citation: Check Point Pay2Key November 2020)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1082", "comment": "[Pay2Key](https://attack.mitre.org/software/S0556) has the ability to gather the hostname of the victim machine.(Citation: Check Point Pay2Key November 2020)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1016", "comment": "[Pay2Key](https://attack.mitre.org/software/S0556) can identify the IP and MAC addresses of the compromised host.(Citation: Check Point Pay2Key November 2020)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Pay2Key", "color": "#66b1ff"}]}