Ransom Tales: Volume II – Emulating Gunra, Anubis and DevMan Ransomware

AttackIQ presents the second volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Gunra, Anubis and DevMan ransomware families.

Author: Francis Guibernau Read More
[CISA AA25-203A] #StopRansomware: Interlock
Adversary Emulation

[CISA AA25-203A] #StopRansomware: Interlock

AttackIQ has released two new attack graphs in response to the CISA Advisory (AA25-203A) published on July 22, 2025, which disseminates known Interlock ransomware Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) identified through FBI investigations as recently as June 2025.
Read More
Ransom Tales: Volume I – Emulating BlackLock, Embargo, and Mamona Ransomware
Adversary Emulation

Ransom Tales: Volume I – Emulating BlackLock, Embargo, and Mamona Ransomware

AttackIQ introduces Ransom Tales, an initiative designed to emulate the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the BlackLock, Embargo and Mamona ransomware families.
Read More
Iranian Cyber Threat Escalation: Preparing for Asymmetric Response through Adversarial Validation Emulation
Iran

Iranian Cyber Threat Escalation: Preparing for Asymmetric Response through Adversarial Validation Emulation

Amid rising tensions after Israeli and U.S. strikes on Iranian nuclear sites, experts warn of increased Iranian cyber retaliation. With limited conventional options, Iran is expected to rely on cyberattacks against U.S. infrastructure and defense sectors. DHS has issued alerts on threats from state-backed hackers and proxies. AttackIQ continues to help organizations test and strengthen their defenses.
Read More

Most Recent

Emulating the Splintered Hunters International Ransomware
Adversary Emulation

Emulating the Splintered Hunters International Ransomware
AttackIQ has released a new attack graph emulating the behaviors exhibited by Hunters International ransomware since its discovery in October 2023. Technical analysis suggests a realistic possibility that Hunters International may have been deployed by actors linked to the disrupted Hive operation. However, while it bears significant similarities, Hunters International is not a direct rebrand.
Read More
Updated Response to CISA Advisory (AA23-136A): #StopRansomware: BianLian Ransomware Group
Adversary Emulation

Updated Response to CISA Advisory (AA23-136A): #StopRansomware: BianLian Ransomware Group
AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA23-136A) that disseminates known BianLian ransomware group Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) identified through the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) investigations.
Read More
Emulating the Tenacious Ako Ransomware
Adversary Emulation

Emulating the Tenacious Ako Ransomware
AttackIQ has released a new attack graph emulating the behaviors exhibited by Ako ransomware since its emergence in January 2020. Contrary to many ransomware strains that focus on individual workstations, Ako targets entire networks, maximizing its impact. It is considered a variant of MedusaLocker due to numerous shared traits, including its defensive behavior and its strategic isolation of specific machines for encryption.
Read More
Introducing Flex 3.0: Elevating Threat Detection in a Dynamic Landscape
AttackIQ Flex

Introducing Flex 3.0: Elevating Threat Detection in a Dynamic Landscape
In today's rapidly evolving threat landscape, cyber defense is more crucial than ever. As we introduce Flex 3.0, let’s first look at what drives the need for a stronger, smarter approach to detection. Advanced persistent threats (APTs) and sophisticated attacker tactics are now part of the norm. Modern attackers are faster and more creative, taking mere hours to move from initial compromise to reaching their objectives. Yet, detecting an attacker often takes days—sometimes even months.
Read More
Response to CISA Advisory (AA24-326A): Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization
Adversary Emulation

Response to CISA Advisory (AA24-326A): Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization
In response to the recently published CISA Advisory (AA24-326A) which highlights the CISA Red Team's simulation of real-world malicious cyber operations, AttackIQ has provided actionable recommendations to help organizations emulate these attacks. These guidelines enable organizations to emulate tactics and techniques, helping to assess and improve their defenses against similar adversarial behaviors.
Read More