Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver 
Common Information
| Type | Value |
| --- | --- |
| UUID | f3b713fd-505c-4e33-b63e-3d1c7ef93dc1 |
| Fingerprint | b5525970b7bc2f4d |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Jan. 23, 2024, midnight |
| Added to db | Oct. 15, 2024, 4:56 p.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver |
| Title | Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver |
| Detected Hints/Tags/Attributes | 67/2/18 |
Attributes
| Type | #Events | CTI | Value |
| --- | --- | --- | --- |
| Domain | 30 | | www.sysinternals.com |
| File | 367 | | readme.txt |
| File | 3 | | martini.exe |
| File | 5 | | martini.sys |
| File | 4 | | viragt64.sys |
| File | 50 | | www.sys |
| File | 3 | | ntice.sys |
| File | 2 | | iceext.sys |
| File | 2 | | filemonitor.sys |
| File | 3 | | syser.sys |
| File | 2 | | hanolly.sys |
| File | 2 | | extrem.sys |
| File | 2 | | frdtsc.sys |
| File | 2 | | fengyue.sys |
| File | 2 | | smartscreen_protected.exe |
| File | 2 | | clear.bat |
| File | 8 | | wevutil.exe |
| Windows Registry Key | 2 | | HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session |