✅#RansomHub: Uses EDRKillShifter and BYOVD (Bring Your Own Vulnerable Driver) techniques to disable antivirus and EDR systems.
✅#Blacksuit: Abuses Group Policy Objects and tools such as PowerTool64 and GMER to disable EDR.
✅#BlackBasta: Uses the Backstab tool and PowerShell scripts to disable EDR systems.
✅#Akira: Abuses virtual machines and a vulnerable Zemana AntiMalware driver to terminate EDR processes.
✅#Phobos: Uses tools like Universal Virus Sniffer, Process Hacker, and PowerTool for EDR evasion.
✅#ALPHV: Deploys customized EDR killers such as ibmModule.dll and 363.sys.
✅#Play: Uses tools like ProcessHacker, GMER, IOBit, and PowerShell scripts to disable EDR.
✅#Rhysida: Executes the SilentKill PowerShell script and uses stolen credentials for network intrusion.
✅#AvosLocker: Leverages aswArPot.sys (a legitimate Avast anti-rootkit driver) and PowerShell scripts to bypass EDR.
✅#Snatch: Operates in Windows Safe Mode and modifies system registries to evade detection.
✅#LockBit: Utilizes a variety of tools, including Backstab, Terminator, GMER, and Bat Armor, for EDR evasion.
✅#BianLian: Uses DISM, PowerShell, and Windows Command Shell to disable antivirus and EDR protections.
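Most of the tradecraft above leaves three kinds of telemetry: a driver load for the vulnerable driver (BYOVD), a process start for a known EDR-killer tool, and a command line that tampers with Safe Mode boot configuration (Snatch). The script below is an added example, not code from any of the groups or vendors named above; it triages constructed Sysmon-style events (Event ID 6 DriverLoad, Event ID 1 ProcessCreate) against those three patterns. The driver names 363.sys and aswArPot.sys come from the list above; zam64.sys (Zemana) and the executable names for the tools are assumptions from public reporting and would need tuning against your own fleet.

```python
"""Triage constructed Sysmon-style events for EDR-killing tradecraft:
BYOVD driver loads, known EDR-killer tooling, and Safe Mode boot tampering.
All sample events are constructed for this example."""
import re

# 363.sys and aswArPot.sys are named in the list above; zam64.sys (Zemana)
# is an assumption from public reporting. Matched on lowercase basename.
BYOVD_DRIVERS = {"363.sys", "aswarpot.sys", "zam64.sys"}

# Tool names from the list above; the executable names are assumptions and
# are matched as case-insensitive substrings of the image basename.
KILLER_TOOLS = ("powertool", "gmer", "processhacker", "backstab", "terminator", "iobit")

# bcdedit safeboot switches or direct writes under the SafeBoot registry key.
SAFEBOOT_RE = re.compile(
    r"bcdedit.*\bsafeboot\b|reg(?:\.exe)?\s+add\b.*\\safeboot\\", re.IGNORECASE
)


def _basename(path):
    """Basename of a Windows path; os.path.basename would ignore backslashes on POSIX."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage(events):
    """Return a list of {"rule", "evidence"} findings in event order."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 6:  # Sysmon DriverLoad
            name = _basename(ev.get("ImageLoaded", ""))
            if name in BYOVD_DRIVERS:
                # A legitimately installed Avast will also load aswArPot.sys;
                # baseline the vendor's normal load path before alerting.
                findings.append({"rule": "byovd_driver_load", "evidence": ev["ImageLoaded"]})
        elif eid == 1:  # Sysmon ProcessCreate
            image = _basename(ev.get("Image", ""))
            cmd = ev.get("CommandLine", "")
            if any(tool in image for tool in KILLER_TOOLS):
                findings.append({"rule": "edr_killer_tool", "evidence": ev["Image"]})
            if SAFEBOOT_RE.search(cmd):
                findings.append({"rule": "safeboot_tamper", "evidence": cmd})
    return findings


# Constructed sample events: two benign, four malicious.
SAMPLE_EVENTS = [
    {"EventID": 6, "ImageLoaded": r"C:\Windows\Temp\363.sys"},
    {"EventID": 6, "ImageLoaded": r"C:\Windows\System32\drivers\ndis.sys"},
    {"EventID": 1, "Image": r"C:\Users\Public\PowerTool64.exe", "CommandLine": "PowerTool64.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\bcdedit.exe",
     "CommandLine": "bcdedit /set {default} safeboot minimal"},
    {"EventID": 1, "Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svc" /ve /d Service /f'},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(f"{finding['rule']:20s} {finding['evidence']}")
```

Substring matching on image names is deliberately loose, since these tools are routinely renamed; in production, pair it with the driver's file hash and signer from the DriverLoad event, and treat any Safe Mode boot change on a server as high priority, because EDR agents generally do not start in Safe Mode.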