BlackCat Ransomware Deploys New Signed Kernel Driver
Tags
attack-pattern: Data Code Signing - T1553.002 Code Signing Certificates - T1587.002 Code Signing Certificates - T1588.003 Hardware - T1592.001 Private Keys - T1552.004 Safe Mode Boot - T1562.009 Software - T1592.002 Tool - T1588.002 Code Signing - T1116 Private Keys - T1145 Rootkit - T1014 Rootkit
Show in Graph
Common Information
Type Value
UUID 63726de0-5945-4eee-9ce3-73d8504817ae
Fingerprint 251999da09f63705
Analysis status DONE
Considered CTI value 1
Text language
Published May 22, 2023, midnight
Added to db Oct. 15, 2024, 10:39 p.m.
Last updated Oct. 16, 2024, 2:39 a.m.
Headline BlackCat Ransomware Deploys New Signed Kernel Driver
Title BlackCat Ransomware Deploys New Signed Kernel Driver
Detected Hints/Tags/Attributes 50/1/5
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_sg/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver.html
Details Source https://www.trendmicro.com/en_nz/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver.html
Details Source https://www.trendmicro.com/en_my/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Attributes
Details Type #Events CTI Value
Details File 9 
ktgn.sys
Details File 6 
tjr.exe
Details sha1 5 
994e3f5dd082f5d82f9cc84108a60d359910ba79
Details sha1 3 
f6793243ad20359d8be40d3accac168a15a327fb
Details IPv4 6 
2.4.0.0