Brain Cipher Ransomware uses CVE-2023-28252

Dec. 17, 2024, 5:06 p.m.

Description

Brain Cipher ransomware is suspected of exploiting CVE-2023-28252, an elevation-of-privilege vulnerability in the Microsoft Windows Common Log File System (CLFS) driver that was previously used by the now-inactive Nokoyawa ransomware group. The exploit is often distributed under the filename 'clfs_eop.exe' and is used to escalate from a low-privileged user to SYSTEM on an unpatched host. A working exploit is being sold on underground forums for $5K to $25K, which suggests that buyers still expect to find unpatched systems. The source analysis provides multiple MD5 hashes associated with the exploit, along with several IP addresses potentially related to the CVE or to Brain Cipher operations; the Indicators section below carries two SHA-256 hashes. Continued use of a flaw that Microsoft patched in April 2023 shows how ransomware groups keep reusing publicly known, already-fixed vulnerabilities against hosts that have not applied the update, so patch status of the CLFS driver and the listed file hashes are the practical things to check.
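The following is an added example, not code from this feed entry or from the referenced analysis: a small host sweep that hashes every file under a directory and matches the digests against an indicator list. Because the description mentions MD5 hashes while the entry itself lists SHA-256 values, the sweep classifies each indicator by its hex length and computes only the digests it actually needs, in one pass per file. The `INDICATORS` set holds the two SHA-256 values from this entry; the sample files written by `demo()` are constructed for the example, and the file named 'clfs_eop.exe' there is a placeholder, not the real exploit.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# SHA-256 indicators copied from the Indicators section of this entry.
INDICATORS = {
    "910be5f0c4f5b002e5673422a6576a00768a626145207a3497237f01e0a32a9f",
    "d2553c2bb7f3f4ab426faf15e1117d03120650382f7f68133a06e26af4678446",
}

# Hex digest length -> hashlib algorithm name, so a feed that mixes MD5 and SHA-256
# indicators can be consumed without knowing in advance which it provides.
ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def classify_indicators(indicators):
    """Group indicator strings by hash algorithm, dropping anything that is not a hex digest."""
    by_algo = {}
    for ioc in indicators:
        ioc = ioc.strip().lower()
        algo = ALGO_BY_LEN.get(len(ioc))
        if algo is None or any(c not in "0123456789abcdef" for c in ioc):
            continue  # not a hash we recognise (e.g. an IP address or a typo); skip it
        by_algo.setdefault(algo, set()).add(ioc)
    return by_algo


def hash_file(path, algos, chunk=1 << 20):
    """Return {algo: hexdigest}, computing every requested digest in a single pass over the file."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk)
            if not block:
                break
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def sweep(root, indicators):
    """Walk root and return [(path, algo, digest)] for every file whose digest is an indicator."""
    by_algo = classify_indicators(indicators)
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            try:
                digests = hash_file(p, by_algo.keys())
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the whole sweep
            for algo, digest in digests.items():
                if digest in by_algo[algo]:
                    hits.append((str(p), algo, digest))
    return hits


def demo():
    """Constructed sample (not real malware): a benign file plus a placeholder 'clfs_eop.exe'
    whose SHA-256 is appended to the indicator list so the sweep has something to find."""
    with tempfile.TemporaryDirectory() as d:
        benign = Path(d) / "notes.txt"
        benign.write_bytes(b"nothing to see here\n")
        suspect = Path(d) / "clfs_eop.exe"  # filename from the description; content is constructed
        suspect.write_bytes(b"constructed sample, not the real exploit\n")
        extra = hashlib.sha256(suspect.read_bytes()).hexdigest()
        hits = sweep(d, INDICATORS | {extra})
        return [(Path(p).name, algo) for p, algo, _ in hits]


if __name__ == "__main__":
    print(demo())
```

On a real host, point `sweep()` at the directories an unprivileged user can write to (temp and download folders are where a staged 'clfs_eop.exe' would typically land) and feed it the full indicator list from the source analysis, MD5 values included; the classifier will compute MD5 and SHA-256 side by side. A hash match is only a first-stage check, since a rebuilt or packed exploit will not match, so treat the result as a trigger for further triage rather than as proof of absence when it comes back empty.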

Date

  • Created: Dec. 17, 2024, 4:31 p.m.
  • Published: Dec. 17, 2024, 4:31 p.m.
  • Modified: Dec. 17, 2024, 5:06 p.m.

Indicators

  • 910be5f0c4f5b002e5673422a6576a00768a626145207a3497237f01e0a32a9f
  • d2553c2bb7f3f4ab426faf15e1117d03120650382f7f68133a06e26af4678446

Attack Patterns

  • Brain Cipher