Today > | 3 Medium vulnerabilities   -   You can now download lists of IOCs here!

New ransomware group abusing BitLocker

May 23, 2024, 3:24 p.m.

Description

The report examines an incident where threat actors leveraged Microsoft's BitLocker encryption utility to deploy unauthorized file encryption on targeted systems. The adversaries employed a sophisticated VBScript that resized disk partitions, modified registry entries, enabled BitLocker with randomized encryption keys, and exfiltrated the keys to a command-and-control server. The analysis provides insights into the malware's tactics, techniques, procedures, artifacts, and potential recovery methods, highlighting the creative abuse of legitimate system features by cybercriminals.

Date

Published: May 23, 2024, 2:49 p.m.

Created: May 23, 2024, 2:49 p.m.

Modified: May 23, 2024, 3:24 p.m.

Indicators

https://earthquake-js-westminster-searched.trycloudflare.com:443/updatelog

https://generated-eating-meals-top.trycloudflare.com/updatelogead

https://generated-eating-meals-top.trycloudflare.com/updatelog

https://scottish-agreement-laundry-further.trycloudflare.com/updatelog

conspiracyid9@protonmail.com

onboardingbinder@proton.me

Attack Patterns

Trojan.Win32.Generic

Trojan-Ransom.VBS.BitLock.gen

Trojan.VBS.SAgent.gen

T1562.004

T1070.001

T1059.005

T1059.001

T1529

T1486

T1047

T1112

T1041

CVE-2024-30051

Additional Informations

Jordan

Indonesia

Mexico