Just Another Blue Teamer<p>Happy Friday to you all! </p><p>The Trend Micro researchers observed the <a href="https://ioc.exchange/tags/Kasseika" class="mention hashtag" rel="tag">#<span>Kasseika</span></a> ransomware leveraging the BYOVD (bring your own vulnerable driver) technique. They also analyzed the code and found that there was a lot in common with the <a href="https://ioc.exchange/tags/BlackMatter" class="mention hashtag" rel="tag">#<span>BlackMatter</span></a> strain of ransomware as well, which would not be surprising, since these groups tend to help each other out, learn, and grow together to make the "best" malware that they can. Of course, they also witnessed some LOLBIN (living off the land binaries) abuse as well as a defense evasion technique used to kill antivirus services. There are plenty more details in the report, so I hope you enjoy! Happy Hunting!</p><p>Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver<br /><a href="https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://www.</span><span class="ellipsis">trendmicro.com/en_us/research/</span><span class="invisible">24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html</span></a></p><p><a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="tag">#<span>CyberSecurity</span></a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="tag">#<span>ITSecurity</span></a> <a href="https://ioc.exchange/tags/InfoSec" class="mention hashtag" rel="tag">#<span>InfoSec</span></a> <a href="https://ioc.exchange/tags/BlueTeam" class="mention hashtag" rel="tag">#<span>BlueTeam</span></a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="tag">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="tag">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="tag">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="tag">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="tag">#<span>readoftheday</span></a> <a href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="tag">#<span>gethunting</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
INDICATORS OF COMPROMISE (IOC)
InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.
Administered by:
Server stats:
1.3Kactive users
ioc.exchange: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#kasseika
0 posts · 0 participants · 0 posts today
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload