Dark Power Ransomware Abusing Vulnerable Dynamic-Link Libraries in Resolved API Flow

In a previously released article, Heimdal® examined the emerging Dark Power ransomware, a strain of ransomware that can use advanced encryption methods like CTR to better control the victim’s computer and, implicitly, the housed data. This malware is written in the NIM programming language. Open-source threat intelligence feeds provide relatively little information about the preferred infiltration route and how to find and exploit vulnerabilities.

According to Heimdal’s analysis of the Dark Power strain’s vulnerability D&A, the ransomware utilises kernel-related APIs at the IPC level to advance more quickly via the cyber-kill chain. In order to identify CVEs, we shall examine the vulnerabilities in more detail in this post.

Dark Power Ransomware Abusing Vulnerable Dynamic-Link Libraries in Resolved API Flow

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Dark Power Ransomware Abusing Vulnerable Dynamic-Link Libraries in Resolved API Flow

28-Jul-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address