ROADSWEEP
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[ROADSWEEP](https://attack.mitre.org/software/S1150) is a ransomware that was deployed against Albanian government networks during [HomeLand Justice](https://attack.mitre.org/campaigns/C0038) along with the [CHIMNEYSWEEP](https://attack.mitre.org/software/S1149) backdoor.(Citation: Mandiant ROADSWEEP August 2022)
Associated Techniques (15)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1027.013 | Encrypted/Encoded File | - |
| T1059.003 | Windows Command Shell | - |
| T1070.004 | File Deletion | - |
| T1083 | File and Directory Discovery | - |
| T1120 | Peripheral Device Discovery | - |
| T1140 | Deobfuscate/Decode Files or Information | - |
| T1480 | Execution Guardrails | - |
| T1486 | Data Encrypted for Impact | - |
| T1489 | Service Stop | - |
| T1490 | Inhibit System Recovery | - |
| T1491.001 | Internal Defacement | - |
| T1547.001 | Registry Run Keys / Startup Folder | - |
| T1553.002 | Code Signing | - |
| T1559 | Inter-Process Communication | - |
| T1680 | Local Storage Discovery | - |
Metadata
| ID: | 536 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |