BlackCat exploits Windows Kernel Drivers to avoid detection
Tags
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 |
Common Information
| Type | Value |
|---|---|
| UUID | b79a0868-5cc6-4366-8775-d1bdcc97d276 |
| Fingerprint | 795a95e55b48e8f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 23, 2023, 8:30 a.m. |
| Added to db | June 5, 2023, 10:10 a.m. |
| Last updated | Nov. 13, 2024, 6:33 a.m. |
| Headline | BlackCat exploits Windows Kernel Drivers to avoid detection |
| Title | BlackCat exploits Windows Kernel Drivers to avoid detection |
| Detected Hints/Tags/Attributes | 21/1/11 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 13 | ✔ | Andrea Fortuna | https://andreafortuna.org/feed.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 9 | ktgn.sys |
|
| Details | File | 6 | tjr.exe |
|
| Details | sha1 | 3 | 17bd8fda268cbb009508c014b7c0ff9d8284f850 |
|
| Details | sha1 | 3 | 78cd4dfb251b21b53592322570cc32c6678aa468 |
|
| Details | sha1 | 3 | c2387833f4d2fbb1b54c8f8ec8b5b34f1e8e2d91 |
|
| Details | sha1 | 3 | 91568d7a82cc7677f6b13f11bea5c40cf12d281b |
|
| Details | sha1 | 3 | 0bec69c1b22603e9a385495fbe94700ac36b28e5 |
|
| Details | sha1 | 3 | cb25a5125fb353496b59b910263209f273f3552d |
|
| Details | sha1 | 5 | 994e3f5dd082f5d82f9cc84108a60d359910ba79 |
|
| Details | IPv4 | 6 | 2.4.0.0 |
|
| Details | Mandiant Uncategorized Groups | 111 | UNC3944 |