
Brain Cipher Ransomware uses CVE-2023-28252

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY :

Brain Cipher ransomware is suspected of exploiting CVE-2023-28252, a vulnerability previously utilized by the now-inactive Nokoyawa Ransomware Group. The exploit, often disguised as 'clfs_eop.exe', targets the Microsoft Windows CLFS Driver for privilege escalation. This vulnerability is being sold on underground networks for $5K to $25K, indicating the existence of unpatched systems. The analysis provides multiple MD5 hashes associated with the exploit, along with several IP addresses potentially related to the CVE or Brain Cipher operations. The exploitation of this vulnerability highlights the ongoing threat posed by ransomware groups adapting to use newly discovered security flaws.

OPENCTI LABELS :

ransomware,privilege-escalation,cve-2023-28252,brain cipher,clfs filename



