{
  "name": "Shared secret: EDR killer in the kill chain",
  "slug": "shared-secret-edr-killer-in-the-kill-chain",
  "description": "This intelligence report analyzes a sophisticated tool designed to disable endpoint security solutions, particularly EDR products, on infected systems. The tool, known as AVKiller, has been observed in multiple ransomware attacks since 2022. It is heavily protected, targets products from various security vendors, and uses a driver signed with a compromised certificate to terminate their processes and services. The report details the tool's characteristics, its connection to ransomware attacks, and provides examples of its use in specific ransomware families. Notably, the report highlights evidence of tool sharing and technical knowledge transfer among competing ransomware groups, suggesting a more complex ecosystem than previously thought.",
  "published": "2025-08-07T16:57:10+00:00",
  "created_at": "2025-08-07T16:57:10+00:00",
  "modified_at": "2025-08-07T20:14:21+00:00",
  "created_at_opencti": "2025-08-07T16:57:10+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-08-07",
    "avkiller",
    "blacksuit",
    "compromise",
    "crytox",
    "dragonforce",
    "driver",
    "edr",
    "heartcrypt",
    "inc",
    "lynx",
    "medusalocker",
    "qilin",
    "ransomhub",
    "ransomware",
    "threat-sharing"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "e5e418da909f73050b0b38676f93ca8f0551981894e2120fb50e8f03f4e2df4f"
      },
      {
        "id": "",
        "name": "e1ed281c521ad72484c7e5e74e50572b48ea945543c6bcbd480f698c2812cdfe"
      },
      {
        "id": "",
        "name": "a44aa98dd837010265e4af1782b57989de07949f0c704a6325f75af956cc85de"
      },
      {
        "id": "",
        "name": "61557a55ad40b8c40f363c4760033ef3f4178bf92ce0db657003e718dffd25bd"
      },
      {
        "id": "",
        "name": "3a6d5694eec724726efa3327a50fad3efdc623c08d647b51e51cd578bddda3da"
      },
      {
        "id": "",
        "name": "f60c3942b4247f5da17dbfd7cc92250f0107f8d259a8644a2988c5699751ea2f"
      },
      {
        "id": "",
        "name": "f51397bb18e166c933fe090320ec23397fed73b68157ce86406db9f07847d355"
      },
      {
        "id": "",
        "name": "f1c37f93d000134b4bfe439add26f3c146958dd87b230123d58790fedce6336a"
      },
      {
        "id": "",
        "name": "f11930cb70556941b6e3c8530956f1381a4cdbd1e3fe8e9f363487a73b45a9c0"
      },
      {
        "id": "",
        "name": "efb642ad3fab4a2e6cb4de829b60e04dd0d9ae7c2b4cf544de28c38f978b4136"
      },
      {
        "id": "",
        "name": "e6309fdb03313dd1b62467684a49692de5c27bbc3c17e65e2010cfbf686a4bf3"
      },
      {
        "id": "",
        "name": "ddf23db6881e42e65440c26a208c9175ad705c708f0a5d8426a2636bad79777c"
      },
      {
        "id": "",
        "name": "d2939cd18c9072488767520be081fef71d560896c6293b6633cab099fcd238ae"
      },
      {
        "id": "",
        "name": "ce1ba2a584c7940e499194972e1bd6f829ffbae2ecf2148cdb03ceeca906d151"
      },
      {
        "id": "",
        "name": "c793304fabb09bb631610f17097b2420ee0209bab87bb2e6811d24b252a1b05d"
      },
      {
        "id": "",
        "name": "c56feeb27a58d24e9f53319513c838e22e92124aa1ef24d977c7ab12b7c5c9c3"
      },
      {
        "id": "",
        "name": "bdaea3d46444373d7107d62270c0358b82569fbf5d66e6dd7c90faf53308f477"
      },
      {
        "id": "",
        "name": "bbab99faba116f5dd2ad138f036787e56141e1b4c6368d8852743fe7c78948ce"
      },
      {
        "id": "",
        "name": "b8c1f3d24f0282c84ed599147462d4031df43cd4fceef38afcee4b3fc8f16e7b"
      },
      {
        "id": "",
        "name": "af7d822da46d777b512a90ee982a7661d8a6c78f9bd1f3d34ce38ef2b44117e6"
      },
      {
        "id": "",
        "name": "aae2e7f4feb75a61c98a727a9da9c3eba213e9e43aa7c9e81e2b3c2f6439b908"
      },
      {
        "id": "",
        "name": "aa99b6c308d07acac8c7066c29d44442054815e62ea9a3f21cc22cdec0080bc8"
      },
      {
        "id": "",
        "name": "a3938d9639148406d218835f1e1f0afcfbd566de3849b61a51fdcc54d100abba"
      },
      {
        "id": "",
        "name": "a2d071da4bfc6bd9cd576a922d1677160f03c9bf7bd65e8f96c78cbb1068d41c"
      },
      {
        "id": "",
        "name": "927e3aef03a8355d236230cace376b3023480a40c5ac08453c07dab343dd1f11"
      },
      {
        "id": "",
        "name": "875f4fd64c50e293859e04396e6342fd93695c3f21606596cf982a9205e92fd9"
      },
      {
        "id": "",
        "name": "7e19a1ca2144051c9cd66440b4fe54fbb01aee6a86fd196f5d0b67f04d19a18a"
      },
      {
        "id": "",
        "name": "77e089dfeb1d114d4171e461e0c4f36b895ed8ef5ee23e8b243bdf491837b5b6"
      },
      {
        "id": "",
        "name": "6fc26e8ac9c44a8e461a18b20929f345f8cfc86e9a454eae3509084cf6ece3be"
      },
      {
        "id": "",
        "name": "6d5f086f742883c0905a0c9593d332762c9b73016b87d933161cbdb97b3cf1ca"
      },
      {
        "id": "",
        "name": "5e423483165666976997e17b9834b9f6bd0da6c4b0da23f45584203f7c08fe4c"
      },
      {
        "id": "",
        "name": "5ec67fc827c2335c31303238b439822addf52552c9895478cb27840e252b6029"
      },
      {
        "id": "",
        "name": "5c8f53bd9eb13ac07ca5190ed0946c9feb5c73627bf5c0c9e79b28626310ad90"
      },
      {
        "id": "",
        "name": "597d4011deb4f08540e10d1419b5cbdfb38506ed53a5c0ccfb12f96c74f4a7a1"
      },
      {
        "id": "",
        "name": "5baf5445c4b22c645ff6d509a744e0b6c96fe5c5ea84ed471421af890cfd8533"
      },
      {
        "id": "",
        "name": "56add2f70df9a1cb46b675e928a15d3769e2060059f4bb286fa217a2ec930ca5"
      },
      {
        "id": "",
        "name": "49ed990459486e569cd1428b045baff1e61b86cdeef84a75384b5f7f46bd678e"
      },
      {
        "id": "",
        "name": "4aa0456c7f0ad4d85324ab135d55641b15245b58e681efcaba319e605c5bed07"
      },
      {
        "id": "",
        "name": "48e6e071b70566bc9fabbbff995946076b410f5459356b65051ae10e04fe512f"
      },
      {
        "id": "",
        "name": "4686bf07db10376fb4c8ce3b729c4ab60d89b454fc57feb39f9607cb43a081d9"
      },
      {
        "id": "",
        "name": "45f9d530edb5c71c24d7787ba0f12743d0ecf042ba9e96922364bbacbb32927c"
      },
      {
        "id": "",
        "name": "43cd3f8675e25816619f77b047ea5205b6491137c5b77cce058533a07bdc9f98"
      },
      {
        "id": "",
        "name": "422800c5553ec5444f7ec593805e0cf4622921d6d5cb3da3a511007047a24721"
      },
      {
        "id": "",
        "name": "3fbe5a1ed857a6736e061a6850706f9e8a7e881f024bff044df1c34795b89bf4"
      },
      {
        "id": "",
        "name": "2912be03b75dab3131f41d658e149b64c089839052472e36f5f13f193bf16253"
      },
      {
        "id": "",
        "name": "27502080db7fc2815afb6e19c5cbb3206cd80863d19f97644519fa1c1c343a7b"
      },
      {
        "id": "",
        "name": "22e2f183175ec02d1bb8bf32f1731d77fa855f24b588dffb398ac741f91e1698"
      },
      {
        "id": "",
        "name": "2073d94af0aa560c11e3399d2b83a720ee373a46ccf835486e57c37e3d1d9a25"
      },
      {
        "id": "",
        "name": "1c1c7a3305e87bf58eb116a09167c1135f3ba23aaca5c0bfcd1b545510ac271c"
      },
      {
        "id": "",
        "name": "15cd13e0cad20394ec1405748e4bd50e3f27313c6274aee098c4eb0ede970b4c"
      },
      {
        "id": "",
        "name": "10c1b292e67b22b5d91071185e33597a242c8dea6a7a523befab5922e3002285"
      },
      {
        "id": "",
        "name": "147dee11a406a86dd9b42982c091e8acbaca13614edb75f447cbaffb23017a90"
      },
      {
        "id": "",
        "name": "0eaa413dc13bc846258e5b4670142bea20e567065b7f4bbc135fe62d93878160"
      },
      {
        "id": "",
        "name": "05f8f514d1367aca856564af5443a75f47d22a30ce63f0b024a41e6b9553a527"
      },
      {
        "id": "",
        "name": "0b4295bcd7bf850fea2b1bc09f652da028af33d625b11781ac875c603a52e5a8"
      },
      {
        "id": "",
        "name": "df6cb5199c272c491b3a7ac44df6c4c279d23f7c09daed758c831b26732a4851"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:877895b58934512e",
        "name": "Crytox",
        "slug": "crytox"
      },
      {
        "id": "legacy:malware:a406af6a981f708a",
        "name": "AVKiller",
        "slug": "avkiller"
      },
      {
        "id": "legacy:malware:cedca6ebef254f36",
        "name": "Dragonforce",
        "slug": "dragonforce"
      },
      {
        "id": "9c0db20b-665e-4e91-a72f-b9a8d5343e58",
        "name": "Lynx",
        "slug": "lynx"
      },
      {
        "id": "legacy:malware:353aad3f0306b0ec",
        "name": "MedusaLocker",
        "slug": "medusalocker"
      },
      {
        "id": "e5f01230-4eca-4233-ad8d-8cb847db86ec",
        "name": "Brave Prince - S0252",
        "slug": "brave-prince-s0252"
      },
      {
        "id": "legacy:malware:910d49d68313d36a",
        "name": "Qilin",
        "slug": "qilin"
      },
      {
        "id": "legacy:malware:b4686b73535465d0",
        "name": "RansomHub",
        "slug": "ransomhub"
      },
      {
        "id": "legacy:malware:f31a0b66e3452c17",
        "name": "BlackSuit",
        "slug": "blacksuit"
      }
    ],
    "intrusion_sets": [
      {
        "id": "61b90558-ed9d-4640-8d00-3de55c6aeda6",
        "name": "RansomHub",
        "slug": "ransomhub"
      }
    ]
  },
  "external_refs": [
    "https://news.sophos.com/en-us/2025/08/06/shared-secret-edr-killer-in-the-kill-chain/",
    "https://otx.alienvault.com/pulse/6894f706ccd8068cfdffd6e7"
  ]
}