Lucene search
K

13 matches found

Rapid7 Blog
Rapid7 Blog
added 2023/08/31 1:0 p.m.17 views

Velociraptor 0.7.0 Release: Dig Deeper With Enhanced Client Search, Server Improvements and Expanded VQL Library

Carlos Canto contributed to this article. Rapid7 is thrilled to announce version 0.7.0 of Velociraptor is now LIVE and available for download. The focus of this release was on improving user efficiency while also expanding and strengthening the library of VQL plug-ins and artifacts. Let’s take a...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/20 4:56 p.m.39 views

Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks

Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal. "Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2022/03/10 2:0 p.m.126 views

Multi-Ransomwared Victims Have It Coming–Podcast

You hate to blame the victim, but the fact of the matter is that businesses are just asking to get whacked with ransomware multiple times. A recent study of IT leaders from cloud-native network detection and response firm ExtraHop shows that businesses aren’t even aware of the “attack me,” “easy...

8.5AI score
Exploits0References8
hivepro
hivepro
added 2022/03/10 5:54 a.m.10 views

RangnarLocker Ransomware hits Critical Infrastructure Compromising 50+ Organizations

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The Federal Bureau of Investigation FBI has released an alert on Ragnarlocker campaign that has affected nearly 52 organizations encompassing 10 critical infrastructure sectors, including entities in significant manufacturing,...

6.8AI score
Exploits0
GithubExploit
GithubExploit
added 2021/07/22 3:7 a.m.160 views

Exploit for CVE-2021-36934

Invoke-HiveNightmare PowerShell-based PoC for CVE-2021-36934,...

7.8CVSS9.1AI score0.67252EPSS
Exploits11
Qualys Blog
Qualys Blog
added 2021/06/09 3:0 p.m.309 views

DarkSide Ransomware

DarkSide ransomware is a relatively new ransomware strain that threat actors have been using to target multiple large, high-revenue organizations resulting in the encryption and theft of sensitive data and threats to make it publicly available if the ransom demand is not paid. Because of its...

10CVSS0.4AI score0.96823EPSS
Exploits2
Metasploit
Metasploit
added 2021/01/08 5:42 p.m.48 views

Windows Manage Volume Shadow Copies

This module will perform management actions for Volume Shadow Copies on the system. This is based on the VSSOwn Script originally posted by Tim Tomes and Mark Baggett. Works on win2k3 and later. Module Options msf use post/windows/manage/vss msf postvss show actions ...actions... msf postvss set...

7.2AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2020/02/07 5:44 p.m.126 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: MailTo (NetWalker) Ransomware

MailTo is a ransomware variant that has recently been reported to have been part of a targeted attack against Toll Group, an Australian freight and logistics company. This ransomware makes no attempt to remain stealthy, and quickly encrypts the user’s data as soon as the ransomware is launched...

6.7AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2020/01/21 4:49 p.m.37 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: Snatch Ransomware

During the end of the year 2019, a ransomware named ‘Snatch” was discovered. Snatch ransomware will force Windows to reboot in Safe Mode where most of the software and system drivers will not be running in order to perform the file encryption process. Similar to the other variants of ransomware, ...

7.3AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/12/18 5:44 p.m.67 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: DeathRansom Ransomware

During mid-November, a new ransomware named ‘DeathRansom” was found being distributed. Similar to the other variants of ransomware, it will perform the deletion of volume shadow copies to ensure all the data cannot be restored easily. After the DeathRansom performs file encryption, it will drop...

6.8AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/04/03 3:0 p.m.127 views

CB TAU Threat Intelligence Notification: GandCrab 5.2 Ransomware Attempts to Delete Volume Shadow Copies

GandCrab 5.2 ransomware will append seven randomly generated strings as the file extension to each encrypted file and drop a ransom note named as ‘generated file extension-MANUAL.txt’, for example, “office.doc.uahmthl” and “UAHMTHL-MANUAL.txt”. It will also change the desktop background of the...

6.7AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/02/01 3:45 p.m.137 views

TAU Threat Intelligence Notification: Shade Ransomware

Summary Recently there is a new wave of malicious spam campaign distributing Shade ransomware via sending malicious JavaScript attachments. The spam campaign was mainly targeting users from Russia, and the ransom note was written in both Russian and English. This variant of Shade ransomware will...

6.6AI score
Exploits0
Metasploit
Metasploit
added 2011/12/30 11:3 p.m.23 views

Windows Manage List Shadow Copies

This module will attempt to list any Volume Shadow Copies on the system. This is based on the VSSOwn Script originally posted by Tim Tomes and Mark Baggett. Works on win2k3 and later...

7AI score
Exploits0
Rows per page
Query Builder