“is maintained and developed in the public GitHub repository. It acts as “a simple ransomware protection.” The README of the repository explains the function of the tool is to monitor for ransomware activity, like deleting shadow copies using native Windows programs like vssadmi…”
T1486 Data Encrypted for Impact (95%)
“you may run manually, or potentially legitimate backup processes, could be blacklisted and get nerfed by Raccine. Your use of the tool is solely at your own discretion. Note that many malware families are familiar with the Raccine utility, and some even try to remove or circumven…”
T1055.001 Dynamic-link Library Injection (88%)
“single managed host is dumped into if it is something we have never seen before. Our ThreatOps analysts “go hunting” and dig through these findings to uncover new malware. But this is not a story about new malware we found. This time, we are showcasing a novel defensive trick w…”
T1059.001 PowerShell (84%)
“comparing malicious activity with and without Raccine. Raccine uses YARA rules that can be adjusted and fine-tuned to one’s needs, but the repository goes on to showcase how this can stop the infection of Emotet, RagnarLocker, Ryuk and more. It looks for malicious combination…”
T1486 Data Encrypted for Impact (61%)
“Discovering a Ransomware Remedy in the Wild | Huntress. Within the ThreatOps department at Huntress, we actively hunt for malware and adversary activity. We look for persistent footholds: the tell-tale sign and smoking gun at the crime scene that truly indicates there is evil o…”
T1486 Data Encrypted for Impact (46%)
“program a bit more. Initially, it looked very suspicious — it apparently had been attached to a handful of native Windows programs as an IFEO debugger, not just wmic.exe. After an extremely cursory analysis (seriously, just the `strings` command was all it took) we could tel…”
T1486 Data Encrypted for Impact (40%)
“is maintained and developed in the public GitHub repository. It acts as “a simple ransomware protection.” The README of the repository explains the function of the tool is to monitor for ransomware activity, like deleting shadow copies using native Windows programs like vssadmi…”
T1679 Selective Exclusion (31%)
“Discovering a Ransomware Remedy in the Wild | Huntress. Within the ThreatOps department at Huntress, we actively hunt for malware and adversary activity. We look for persistent footholds: the tell-tale sign and smoking gun at the crime scene that truly indicates there is evil o…”
Summary
Our ThreatOps team details stumbling across Raccine, a ransomware remedy that works by hooking onto IFEO debuggers, for the first time.