Povlsomware Ransomware Features Cobalt Strike Compatibility

From trendmicro.com

Figure 1. The ReadMe page from the Povlsomware GitHub page

Povlsomware (Ransom.MSIL.POVLSOM.THBAOBA) is a proof-of-concept (POC) ransomware first released in November 2020 which, according to its GitHub page, is used to “securely” test the ransomware protection capabilities of security vendor products. Povlsomware has not garnered much attention so far and is discussed on only a few sites. However, it has some interesting characteristics, notably its compatibility with the post-exploitation tool Cobalt Strike (which has been linked to other ransomware families such as Ryuk and DoppelPaymer), which gives the malware capabilities beyond what its seemingly simple infection routine shows. Furthermore, because the malware is open-source, anyone can modify and use it as part of their attack chain.
