For .MAP symbols I've updated the ida-pro-loadmap plugin to support loaders like idaxex, and also allow it to mark even more functions than it previously could, along with marking functions linked in from known SDK libraries: -pro-loadmap/releases/tag/1.43a
Recommend pairing this loader with the PPCAltivec plugin, to help IDA understand any Altivec instructions. Fortunately yui-konnu has released an updated version for IDA 7 here: -konnu/PPC-Altivec-IDA. From this I've attached prebuilt binaries for IDA 7.2/7.3/7.5, which you can find down below.
The variant uses common ransomware tactics, techniques, and procedures (TTPs) to compromise victims' devices. While taking live actions, the operator disables anti-malware protections and then exfiltrates sensitive data and encrypts business files. Their affiliates use multiple mechanisms to compromise their victims' networks, including phishing emails with malicious attachments, leaked VPN credentials, and by exploiting vulnerabilities on external-facing assets. In addition, Hive places a plain-text ransom note that threatens to publish the victim's data on the TOR website 'HiveLeaks' unless the victim meets the attacker's conditions.
Microsoft released patches for those three vulnerabilities in April and May 2021 as part of their "Patch Tuesday" releases. CVE-2021-34473 and CVE-2021-34523 were patched (KB5001779) in April 2021. CVE-2021-31207 was patched (KB5003435) in May.
The p.bat script and file naming convention match part of Conti's ransomware toolkit, which was provided to the group's affiliates and first leaked on August 21, 2022 and published on Twitter. This indicates that Hive affiliates are adopting other ransomware group techniques.
This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact email@example.com if you have any questions about the US-CERT website archive.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.