
Happy Friday to you all!

The Trend Micro researchers observed the ransomware leveraging the BYOVD (bring your own vulnerable driver) technique. They also analyzed the code and found that there was a lot in common with the strain of ransomware as well, which would not be surprising, since these groups tend to help each other out, learn, and grow together to make the "best" malware that they can. Of course, they also witnessed some LOLBIN (living off the land binaries) abuse as well as a defense evasion technique used to kill antivirus services. There are plenty more details in the report, so I hope you enjoy! Happy Hunting!

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver
trendmicro.com/en_us/research/

Just Another Blue Teamer

Notable MITRE ATT&CK TTPs (Let me know which ones I missed!):
TA0002 - Execution
T1059.003 - Command and Scripting Interpreter: Windows Command Shell

TA0040 - Impact
T1490 - Inhibit System Recovery

TA0008 - Lateral Movement
T1021.002 - Remote Services: SMB/Windows Admin Shares

TA0005 - Defense Evasion
T1562.001 - Impair Defenses: Disable or Modify Tools