Tag: edr

2 attack reports | 0 vulnerabilities

Attack reports

New RansomHub attack uses TDSKiller and LaZagne, disables EDR

Published: September 11, 2024

A recent analysis by the ThreatDown MDR team has uncovered a novel attack method employed by the RansomHub ransomware gang. The attackers are utilizing two tools: TDSSKiller, a legitimate Kaspersky rootkit removal utility, to disable endpoint detection and response (EDR) systems, and LaZagne, a cre…

Downloadable IOCs 2

ransomware
credential harvesting
edr
ransomhub
byovd
2024-09-11
lazagne
tdsskiller
network segmentation

Malware campaign attempts abuse of defender binaries

Published: May 30, 2024

The report details a ransomware campaign that modifies legitimate security software files from vendors like Sophos, AVG, BitDefender, Emsisoft, and Microsoft by overwriting their entry-point code and inserting decrypted payloads as resources. This allows the malicious files to masquerade as trusted…

Downloadable IOCs 470

shellcode
2024-05-30
edr

New RansomHub attack uses TDSKiller and LaZagne, disables EDR

Published: September 11, 2024

A recent analysis by the ThreatDown MDR team has uncovered a novel attack method employed by the RansomHub ransomware gang. The attackers are utilizing two tools: TDSSKiller, a legitimate Kaspersky rootkit removal utility, to disable endpoint detection and response (EDR) systems, and LaZagne, a cre…

Downloadable IOCs 2

ransomware
credential harvesting
edr
ransomhub
byovd
2024-09-11
lazagne
tdsskiller
network segmentation

Malware campaign attempts abuse of defender binaries

Published: May 30, 2024

The report details a ransomware campaign that modifies legitimate security software files from vendors like Sophos, AVG, BitDefender, Emsisoft, and Microsoft by overwriting their entry-point code and inserting decrypted payloads as resources. This allows the malicious files to masquerade as trusted…

Downloadable IOCs 470

shellcode
2024-05-30
edr
» Click here to see all Attack Reports «