Tag: byovd
2 attack reports | 0 vulnerabilities
Attack reports
New RansomHub attack uses TDSSKiller and LaZagne, disables EDR
A recent analysis by the ThreatDown MDR team has uncovered a novel attack method employed by the RansomHub ransomware gang. The attackers are utilizing two tools: TDSSKiller, a legitimate Kaspersky rootkit removal utility, to disable endpoint detection and response (EDR) systems, and LaZagne, a cre…
Downloadable IOCs 2
BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks
The BlackByte ransomware group continues leveraging established tactics and vulnerable drivers to bypass security controls, while also incorporating newly disclosed vulnerabilities and using stolen credentials for propagation. A new iteration of their encryptor appends the 'blackbytent_h' extension…
Downloadable IOCs 4