| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAAHK0WRXQ4eg_+sM4FPpT5=TvxW7rmkQ1EJr8XtnoLerc6UTdQ@mail.gmail.com> Date: Fri, 13 Dec 2024 01:05:58 -0500 From: malvuln <malvuln13@...il.com> To: fulldisclosure@...lists.org Subject: [FD] RansomLordNG - anti-ransomware exploit tool This next generation version dumps process memory of the targeted Malware prior to termination The process memory dump file MalDump.dmp varies in size and can be 50 MB plus RansomLord now intercepts and terminates ransomware from 54 different threat groups Adding GPCode, DarkRace, Snocry, Hydra and Sage to the ever growing victim list. Lang: C SHA256: fcb259471a4a7afa938e3aa119bdff25620ae83f128c8c7d39266f410a7ec9aa RansomLordNG leverages code execution vulnerabilities and saving process memory to disk prior to termination of the Malware pre-encryption. This may be useful as we can possibly avoid unpacking, anti-debugging techniques or fully executing the malware. The MalDump feature is optional and can be toggled to enabled=1 or disabled=0 https://github.com/malvuln/RansomLord/releases/tag/NG Thank you, malvuln _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists