Tag
Severity: critical | Type: threat
The Gentlemen Ransomware: Self-Propagating Go Encryptor
2 rules, 4 TTPs
The Gentlemen ransomware, operated by Storm-2697 as a RaaS, combines strong per-file encryption with aggressive self-propagation to achieve broad network compromise; it targets Windows environments and uses double extortion tactics.
Source: Microsoft Defender
Tags: Storm-2697, ransomware, raas, lateral-movement, encryption

Severity: medium | Type: advisory
PowerShell Script with Encryption/Decryption Capabilities
2 rules, 3 TTPs
PowerShell scripts that use .NET cryptography APIs to encrypt data for impact or to decrypt payloads for defense evasion.
Source: Elastic Endpoint Security +1
Tags: powershell, encryption, defense-evasion, windows

Severity: high | Type: advisory
ESXi Encryption Settings Modification
2 rules
Detection of modifications to ESXi host encryption settings, such as disabling Secure Boot or executable verification, which may indicate attempts to weaken hypervisor integrity and allow unauthorized code execution.
Source: ESXi +3
Tags: encryption, vmware, hypervisor, attack.persistence