New RansomHub attack uses TDSKiller and LaZagne, disables EDR - ThreatDown by Malwarebytes
Tags
attack-pattern: | Data Credentials - T1589.001; File Deletion - T1070.004; File Deletion - T1630.002; Malware - T1587.001; Malware - T1588.001; Tool - T1588.002; File Deletion - T1107 |
Common Information
Type | Value |
---|---|
UUID | 2e4a962c-4334-41a0-9b7f-3abb7a627979 |
Fingerprint | 9f0569d98a93fa8a |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Sept. 9, 2024, 7:17 p.m. |
Added to db | Sept. 9, 2024, 10:13 p.m. |
Last updated | Nov. 14, 2024, 5:07 a.m. |
Headline | UNKNOWN |
Title | New RansomHub attack uses TDSKiller and LaZagne, disables EDR - ThreatDown by Malwarebytes |
Detected Hints/Tags/Attributes | 27/1/8 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 474 | ✔ | Blog – ThreatDown by Malwarebytes | https://www.threatdown.com/blog/feed | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 15 | | malware.ai |
Details | File | 8 | | tdsskiller.exe |
Details | File | 16 | | lazagne.exe |
Details | File | 15 | | malware.ai |
Details | md5 | 3 | | ff1eff0e0f1f2eabe1199ae71194e560 |
Details | md5 | 4 | | 5075f994390f9738e8e69f4de09debe6 |
Details | sha256 | 3 | | 2d823c8b6076e932d696e8cb8a2c5c5df6d392526cba8e39b64c43635f683009 |
Details | sha256 | 4 | | 467e49f1f795c1b08245ae621c59cdf06df630fc1631dc0059da9a032858a486 |