Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver [Wednesday, January 24, 2024]

Description :
Following an increase in bring-your-own-vulnerable-driver (BYOVD) attacks launched by ransomware groups in 2023, the Kasseika ransomware is among the latest groups to take part in the trend. Kasseika joins Akira, BlackByte, and AvosLocker in using the tactic, which allows threat actors to terminate antivirus processes and services for the deployment of ransomware. In the case we investigated, the Kasseika ransomware abused the Martini driver to terminate the victim machine's antivirus-related processes.

Published: 2024-01-24 17:49:33
Created: 2024-01-24 17:49:33
Modified: 2024-01-24 18:02:40

Indicators

Malwares :
  • Kasseika Ransomware
  • BlackMatter
Hashes :
Intrusion set :
  • Kasseika
About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
