Tag: edr
2 attack reports | 0 vulnerabilities
Attack reports
New RansomHub attack uses TDSSKiller and LaZagne, disables EDR
A recent analysis by the ThreatDown MDR team has uncovered a novel attack method employed by the RansomHub ransomware gang. The attackers use two tools: TDSSKiller, a legitimate Kaspersky rootkit removal utility, to disable endpoint detection and response (EDR) systems, and LaZagne, a cre…
Downloadable IOCs: 2
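As an added example, not code from the ThreatDown report or from this page: a small Python detection run over constructed Sysmon-style process-creation events that separates a routine TDSSKiller scan from TDSSKiller being used to delete a service, and flags LaZagne execution. It assumes TDSSKiller's `-dcsvc <service>` switch (its service-deletion option) as the distinguishing argument; the events, the renamed binary and the service name EdrAgentSvc are constructed for the example and are not taken from the report.

```python
import shlex
from dataclasses import dataclass
from typing import Optional

# Binary names we key on (compared case-insensitively).
TDSSKILLER = "tdsskiller.exe"
LAZAGNE = "lazagne.exe"

# Constructed Sysmon Event ID 1-style events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe", "OriginalFileName": "svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs", "ParentImage": r"C:\Windows\System32\services.exe"},
    # Renamed copy of TDSSKiller deleting a (constructed) EDR service name.
    {"Image": r"C:\Users\Public\svc.exe", "OriginalFileName": "tdsskiller.exe",
     "CommandLine": 'svc.exe -accepteula -dcsvc "EdrAgentSvc"', "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Temp\LaZagne.exe", "OriginalFileName": "LaZagne.exe",
     "CommandLine": "LaZagne.exe all", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    # Ordinary rootkit scan: same legitimate tool, no service deletion.
    {"Image": r"C:\Tools\TDSSKiller.exe", "OriginalFileName": "tdsskiller.exe",
     "CommandLine": "TDSSKiller.exe -l scan.log", "ParentImage": r"C:\Windows\explorer.exe"},
]


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    image: str
    detail: str


def _binary_name(event: dict) -> str:
    """Prefer the PE's OriginalFileName, which survives a rename on disk; fall back to the image path."""
    name = event.get("OriginalFileName") or event["Image"].rsplit("\\", 1)[-1]
    return name.lower()


def _args(cmdline: str) -> list:
    """Tokenise a Windows command line, keeping quoted arguments together."""
    try:
        return shlex.split(cmdline, posix=False)
    except ValueError:
        return cmdline.split()


def tdsskiller_deleted_service(event: dict) -> Optional[str]:
    """Return the service name passed to TDSSKiller's -dcsvc switch, or None if the
    event is not TDSSKiller or no service deletion was requested."""
    if _binary_name(event) != TDSSKILLER:
        return None
    args = _args(event["CommandLine"])
    for i, arg in enumerate(args):
        if arg.lower() == "-dcsvc" and i + 1 < len(args):
            return args[i + 1].strip('"')
    return None


def is_lazagne(event: dict) -> bool:
    return _binary_name(event) == LAZAGNE


def scan(events: list) -> list:
    """Apply the three rules to each event and return the findings in event order."""
    findings = []
    for ev in events:
        svc = tdsskiller_deleted_service(ev)
        if svc is not None:
            # The legitimate tool is being used to remove a service: treat as EDR tampering.
            findings.append(Finding("tdsskiller_service_deletion", "high", ev["Image"], f"service={svc}"))
        elif _binary_name(ev) == TDSSKILLER:
            # Worth recording, but a plain scan is what the tool exists for.
            findings.append(Finding("tdsskiller_execution", "low", ev["Image"], "no -dcsvc argument"))
        if is_lazagne(ev):
            findings.append(Finding("lazagne_execution", "high", ev["Image"], "credential harvesting tool"))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.severity:5} {f.rule:28} {f.image}  {f.detail}")
```

Matching on OriginalFileName catches the renamed copy that an image-path rule would miss, but both fields are attacker-controllable PE metadata; in production pair the rule with a file hash or signer check, and expect the service name in `-dcsvc` to be whatever the deployed EDR agent is called rather than the constructed name used here.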
Malware campaign attempts abuse of defender binaries
The report details a ransomware campaign that modifies legitimate security software files from vendors like Sophos, AVG, BitDefender, Emsisoft, and Microsoft by overwriting their entry-point code and inserting decrypted payloads as resources. This allows the malicious files to masquerade as trusted…
Downloadable IOCs: 470