Incident Score: Analysis & Impact (MCDIBENISDEC1768955534)

Rankiteo's analysis has identified several MITRE ATT&CK tactics and techniques associated with this incident, each with varying levels of confidence based on available evidence. Under the Initial Access tactic, the analysis identified Exploit Public-Facing Application (T1190) with moderate confidence (50%), supported by evidence indicating breach of McDonald’s India, allegedly exfiltrating 861 GB of data and Valid Accounts (T1078) with moderate to high confidence (70%), supported by evidence indicating store-level data, including manager names and company email addresses. Under the Execution tactic, the analysis identified User Execution: Malicious File (T1204.002) with moderate confidence (60%), supported by evidence indicating everest ransomware group claimed responsibility for the breach. Under the Credential Access tactic, the analysis identified Unsecured Credentials: Credentials In Files (T1552.001) with moderate to high confidence (70%), supported by evidence indicating financial reports, audit trails, ERP migration files compromised and OS Credential Dumping (T1003) with moderate confidence (60%), supported by evidence indicating store-level data includes manager names and company email addresses. Under the Discovery tactic, the analysis identified File and Directory Discovery (T1083) with moderate to high confidence (80%), supported by evidence indicating structured directories with month-by-month accounting records, Investor Info and Account Discovery: Domain Account (T1087.002) with moderate to high confidence (70%), supported by evidence indicating contact Database with investor and business partner details. Under the Collection tactic, the analysis identified Data from Local System (T1005) with high confidence (90%), supported by evidence indicating 861 GB of customer data and internal documents allegedly exfiltrated and Data from Network Shared Drive (T1039) with moderate to high confidence (80%), supported by evidence indicating financial reports, audit trails, ERP migration files accessed. Under the Exfiltration tactic, the analysis identified Exfiltration Over C2 Channel (T1041) with high confidence (90%), supported by evidence indicating 861 GB of data allegedly stolen and posted on dark web leak site and Exfiltration Over Web Service: Exfiltration to Cloud Storage (T1567.002) with moderate confidence (60%), supported by evidence indicating data breach involving large-scale exfiltration (861 GB). Under the Impact tactic, the analysis identified Data Encrypted for Impact (T1486) with moderate confidence (50%), supported by evidence indicating everest ransomware group claimed responsibility for the breach and Defacement: Internal Defacement (T1491.001) with lower confidence (40%), supported by evidence indicating screenshots of financial reports and internal docs posted on leak site. Under the Command and Control tactic, the analysis identified Application Layer Protocol: Web Protocols (T1071.001) with moderate confidence (60%), supported by evidence indicating data exfiltrated via dark web leak site (likely C2 channel). These correlations help security teams understand the attack chain and develop appropriate defensive measures based on the observed tactics and techniques.