    Grixba and VSS Copying Tool - the latest weapon in cyberspace

    The Play ransomware group has developed two custom tools, Grixba and VSS Copying Tool, to make its attacks more effective. Symantec specialists discovered and analyzed the samples and reported the findings.

    The new tools allow attackers to:

    • list users and computers on compromised networks;
    • collect information about security, backup, and remote administration software;
    • copy files from Volume Shadow Copy Service (VSS) snapshots to get around file locks.

    Grixba is a network-scanning and information-stealing tool used to enumerate users and computers in a domain. It also supports a "scan" mode that uses WMI, WinRM, remote registry, and remote services to determine what software is running on network devices.

    In scan mode, Grixba checks for antivirus and security software, EDR suites, backup tools, and remote administration tools. The scanner also checks for regular office applications and DirectX, potentially allowing the attackers to determine the type of computer being scanned.

    The tool saves all the collected data in CSV files, compresses them into a ZIP archive, and then exfiltrates the archive to the attackers' C2 server, giving the attackers the information they need to plan their next steps.

    The VSS Copying Tool is the Play group's second tool. It allows the attackers to interact with the Volume Shadow Copy Service (VSS) via API calls, using the bundled .NET library AlphaVSS.

    The Volume Shadow Copy Service is a Windows feature that allows users to create system snapshots and backups of their data at specific points in time and restore them in the event of data loss or system corruption. The VSS Copying Tool allows Play ransomware to steal files from existing volume shadow copies, even if those files are in use by applications.

    Both tools were built with Costura, a .NET development tool that can create standalone executables with no external dependencies, which makes it easier to deploy the malware on compromised systems.
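
    For defenders, the Costura packing and the bundled AlphaVSS library described above leave static traces that can be checked during triage. The sketch below is an added example, not code from the article or from Symantec; it assumes the Costura.Fody resource-naming convention, and its sample byte strings are constructed.

```python
import re

# Costura.Fody naming convention: each bundled assembly becomes a manifest
# resource "costura.<name>.dll" (prefix "costura32."/"costura64." for
# bitness-specific ones), with ".compressed" appended when compression is on.
COSTURA_RE = re.compile(
    rb"costura(?:32|64)?\.([a-z0-9_.\-]+?)\.dll(?:\.compressed)?(?![a-z0-9])",
    re.IGNORECASE,
)
CLI_METADATA_SIG = b"BSJB"  # signature at the start of the .NET metadata root


def embedded_assemblies(data: bytes) -> list[str]:
    """Sorted, de-duplicated names of assemblies bundled by Costura."""
    return sorted({m.group(1).decode("ascii").lower()
                   for m in COSTURA_RE.finditer(data)})


def triage(data: bytes) -> dict:
    """Static hints only; a hit means 'look closer', not 'malicious'."""
    names = embedded_assemblies(data)
    vss = [n for n in names if n.startswith("alphavss")]
    return {
        "dotnet": CLI_METADATA_SIG in data,
        "costura_packed": bool(names),
        "embedded": names,
        # Backup software legitimately bundles AlphaVSS, so weigh this hit
        # against where the file was found and who signed it.
        "bundles_alphavss": bool(vss),
    }


# Constructed sample inputs (not real samples): byte strings carrying the
# kind of resource names a packed binary would hold in its metadata.
SAMPLE_VSS_TOOL = (b"MZ" + b"\x00" * 16 + CLI_METADATA_SIG +
                   b"\x00costura.alphavss.common.dll.compressed"
                   b"\x00costura64.alphavss.x64.dll.compressed"
                   b"\x00costura.costura.dll.compressed\x00")
SAMPLE_OTHER_APP = (b"MZ" + b"\x00" * 16 + CLI_METADATA_SIG +
                    b"\x00costura.newtonsoft.json.dll.compressed\x00")
SAMPLE_NATIVE = b"MZ\x00\x00native code, no managed metadata"

if __name__ == "__main__":
    for label, blob in [("vss-tool", SAMPLE_VSS_TOOL),
                        ("other-app", SAMPLE_OTHER_APP),
                        ("native", SAMPLE_NATIVE)]:
        print(label, triage(blob))
```

    Costura and AlphaVSS are both used by legitimate software, so a match is a reason to inspect the file's origin and signer rather than a verdict.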

    Recall that the Play group claimed responsibility for the cyber attack on the American city of Oakland, which occurred in the first half of February. This attack severely disrupted the city's IT systems. Local authorities even had to declare a state of emergency in the city.

    Also in January, Play hackers infiltrated the Rackspace email service using a zero-day exploit and gained access to some of the company's customer data.

    Author DeepWeb