Weaponising VMs to bypass EDR - Akira ransomware
Tags
attack-pattern: Data Direct Credentials - T1589.001 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Tool - T1588.002 Hypervisor - T1062 Scheduled Task - T1053
Show in Graph
Common Information
Type Value
UUID 320479c8-4add-48ee-9fd3-f7e5e66a0a08
Fingerprint b56010dd0637b6c3
Analysis status DONE
Considered CTI value 1
Text language
Published Sept. 15, 2023, 2:41 a.m.
Added to db Oct. 24, 2023, 1:12 p.m.
Last updated Oct. 24, 2024, 9:49 p.m.
Headline Weaponising VMs to bypass EDR – Akira ransomware
Title Weaponising VMs to bypass EDR - Akira ransomware
Detected Hints/Tags/Attributes 70/1/4
Source URLs
Redirection Url
Details Source https://cybercx.co.nz/blog/akira-ransomware/
URL Provider
Details Provider Source level domain
Details cybercx.co.nz cybercx.co.nz
Attributes
Details Type #Events CTI Value
Details File 40 
netscan.exe
Details File 53 
adfind.exe
Details File 3 
hostd.log
Details sha256 4 
c9c94ac5e1991a7db42c7973e328fceeb6f163d9f644031bdfd4123c7b3898b0