Threat: Ransom.Conti
Vulnerability: Code Execution
Description: Conti looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vulnerable DLL to execute our own code,
control and terminate the malware pre-encryption…
Threat: Ransom.Petya
Vulnerability: Code Execution
Description: Petya looks for and loads a DLL named “wow64log.dll” in
Windows\System32. Therefore, we can drop our own DLL to intercept and
terminate the malware pre-encryption. The…
Threat: Ransom.Cryakl
Vulnerability: Code Execution
Description: Cryakl looks for and loads a DLL named “wow64log.dll” in
Windows\System32. Therefore, we can drop our own DLL to intercept and
terminate the malware pre-encryption. The…
Threat: Trojan-Ransom.Radamant
Vulnerability: Code Execution
Description: Radamant tries to load a DLL named “PROPSYS.dll” and execute a
hidden PE file “DirectX.exe” from the AppData\Roaming directory. Therefore,
we can…
It was discovered that ecdsautils, a collection of ECDSA elliptic curve
cryptography CLI tools, verified some cryptographic signatures incorrectly:
a signature consisting only of zeroes was always considered valid,
making it trivial to forge signatures.