Re: RansomLord v3 / Anti-Ransomware Exploit Tool Released
2024-5-15 04:4:30 Author: seclists.org(查看原文) 阅读量:8 收藏

fulldisclosure logo

Full Disclosure mailing list archives


From: malvuln <malvuln13 () gmail com>
Date: Tue, 7 May 2024 08:28:36 -0400

Updated, fixed typo
SHA256 : 810229C7E62D5EDDD3DA9FFA19D04A31D71F9C36D05B6A614FEF496E88656FF5

On Mon, May 6, 2024 at 10:01 PM malvuln <malvuln13 () gmail com> wrote:

Proof-of-concept tool that automates the creation of PE files, used to
exploit Ransomware pre-encryption. Updated v3:
https://github.com/malvuln/RansomLord/releases/tag/v3
Lang: C SHA256:
83f56d14671b912a9a68da2cd37607cac3e5b31560a6e30380e3c6bd093560f5

Video PoC (old v2):
https://www.youtube.com/watch?v=_Ho0bpeJWqI

RansomLord generated PE files are saved to disk in the x32 or x64
directories where the program is run from. Goal is to exploit
vulnerabilities inherent in certain strains of Ransomware by deploying
exploits that defend the network! The DLLs may also provide additional
coverage against generic and info stealer malwares.

RansomLord v3 release notes:
Adding six more Ransomware to the victim list for a grand total of 49
StopCrypt, RisePro, RuRansom, MoneyMessage, CryptoFortress and Onyx.
Windows event log now includes SHA256 hash of the intercepted malware.

https://github.com/malvuln/RansomLord

MALVULN

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Current thread:


文章来源: https://seclists.org/fulldisclosure/2024/May/19
如有侵权请联系:admin#unsafe.sh