Brain Cipher Ransomware uses CVE-2023-28252
Dec. 17, 2024, 5:06 p.m.
Description
Brain Cipher ransomware is suspected of exploiting CVE-2023-28252, a vulnerability previously utilized by the now-inactive Nokoyawa Ransomware Group. The exploit, often disguised as 'clfs_eop.exe', targets the Microsoft Windows CLFS Driver for privilege escalation. This vulnerability is being sold on underground networks for $5K to $25K, indicating the existence of unpatched systems. The analysis provides multiple MD5 hashes associated with the exploit, along with several IP addresses potentially related to the CVE or Brain Cipher operations. The exploitation of this vulnerability highlights the ongoing threat posed by ransomware groups adapting to use newly discovered security flaws.
Date
Published: Dec. 17, 2024, 4:31 p.m.
Created: Dec. 17, 2024, 4:31 p.m.
Modified: Dec. 17, 2024, 5:06 p.m.
Indicators
910be5f0c4f5b002e5673422a6576a00768a626145207a3497237f01e0a32a9f
d2553c2bb7f3f4ab426faf15e1117d03120650382f7f68133a06e26af4678446
Attack Patterns
Brain Cipher
T1486
T1498
T1566
T1190
T1078
T1068