ThreatCluster

Driver of destruction: How a legitimate driver is being used to take down AV processes

Threat Score:
48
Kaspersky Securelist
4 days ago
Part of cluster #1730
Overview

Table of Contents: Introduction; Incident overview; The AV killer analysis; Calling kernel functions; Process killer main routine; YARA rule; Victims; Attribution; Conclusion and recommendations; Tactics, techniques and procedures; Indicators of compromise

Authors: Cristian Souza, Ashley Muñoz, Eduardo Ovalle, Francesco Figurelli, Anderson Leite

Introduction

In a recent incident response case in Brazil, we spotted intriguing new antivirus (AV) killer software that has been circulating in the wild since at least October...

Related Articles

5 articles
1. Google confirms Salesforce CRM breach, faces extortion threat
Security Affairs • 4 hours ago • Score 87

Google disclosed a Salesforce Customer Relationship Management (CRM) breach exposing data of some prospective Google Ads customers. Google confirmed a breach in a Salesforce CRM instance affecting the data of prospective Google Ads customers. The website Databreaches.net reported that the attackers have sent an extortion demand to the tech giant. Google Threat Intelligence Group confirmed that […]
2. Google Hacked – Approx 2.5 Million Records of Google Ads Customer Data Leaked
GB Hackers • 2 hours ago • Score 85

Google has disclosed a significant data breach involving one of its corporate Salesforce instances, compromising customer data tied to its Google Ads platform. Google has not revealed the exact number of people impacted, but according to ShinyHunters, who spoke with Cyber Security News, the breach exposed around 2.5 million records (approx.). Whether some of these entries are duplicates is still unknown. The incident, de
3. Stop Reacting; Start Anticipating: The Global State of Threat Intelligence
Brighttalk • 7 hours ago • Score 83

Presented by Jitin Shabadu, Forrester Analyst | Jayce Nichols, Director, Intelligence Solutions, Google Threat Intelligence Group
4. New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
The Hacker News • 2 hours ago • Score 82

A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world into a malicious botnet and use it to conduct powerful distributed denial-of-service (DDoS) attacks. The approach has been codenamed Win-DDoS by SafeBreach researchers Or Yair and Shahak Morag, who presented their findings at the DEF CON 33 security conference today. "As we explored the intricacies of the Windows LDAP client code, we discovered a significant flaw that allowed us to
5. Hackers Found Backdoor in High-Security Safes—Opens in Seconds
Spybusters • 6 hours ago • Score 76

Security researchers found two techniques to crack at least eight brands of electronic safes—used to secure everything from guns to narcotics. James Rowley and Mark Omo got curious about a scandal in the world of electronic safes... In the process, they'd find something far bigger: another form of backdoor intended to let authorized locksmiths open not just Liberty Safe devices, but the high-security Securam Prologic locks used in many of Liberty's safes and those of at least seven other brands.

Article Intelligence

Key entities and indicators for this article

CVES
CVE-2025-7771
FILE HASHES
DOMAINS
Invoke-WMIExec.ps
Trojan-Ransom.Win
Invoke-SMBExec.ps
FILE PATH
C:\Users\Administrator\Music folder on the mail server. These artifacts were later uploaded to other machines alongside the ransomware (haz8.exe), but this time to C
ATTACK TYPES
AV Evasion
BYOVD
Exploitation
Lateral Movement
Malware Deployment
COUNTRIES
Belgium
Brazil
COMPANIES
Broadcom
GitHub
GuidePoint Security
Kaspersky
SonicWall
SECURITY VENDORS
GuidePoint Security
Kaspersky
Trellix
PLATFORMS
Windows
RANSOMWARE
Akira
MedusaLocker
MALWARE
KillAV
MedusaLocker
MimiKatz
Win64.KillAV
MITRE ATT&CK
T1021
T1040
T1059.001
T1068
T1070.001
INDUSTRIES
Cybersecurity
Information Technology
VULNERABILITIES
Denial of Service
Privilege Escalation
ARTICLE INFORMATION
Article #9142
Published 4 days ago
Kaspersky Securelist
