
POORTRY (439059e2-f756-4c38-8d87-1d3c534f2e16)

POORTRY is a malicious kernel driver known to be used by multiple ransomware groups for defense evasion purposes, typically in conjunction with a related loader capability, STONESTOP. POORTRY abuses or falsifies certificates to evade code signing processes. Since being discovered and disclosed in 2022, POORTRY has evolved its focus from disabling security software to actually removing critical software components from victim disks.[Sophos News August 27 2024]

Cluster A | Galaxy A | Cluster B | Galaxy B | Level
--- | --- | --- | --- | ---
POORTRY (439059e2-f756-4c38-8d87-1d3c534f2e16) | Tidal Software | RansomHub Ransomware Actors (94794e7b-8b54-4be8-885a-fd1009425ed5) | Tidal Groups | 1
POORTRY (439059e2-f756-4c38-8d87-1d3c534f2e16) | Tidal Software | BlackCat Ransomware Actors & Affiliates (33159d02-a1ce-49ec-a381-60b069db66f7) | Tidal Groups | 1
Medusa Ransomware Actors (316a49d5-5fe0-4e0b-a276-f955f4277162) | Tidal Groups | POORTRY (439059e2-f756-4c38-8d87-1d3c534f2e16) | Tidal Software | 1
LockBit Ransomware Actors & Affiliates (d0f3353c-fbdd-4bd5-8793-a42e1f319b59) | Tidal Groups | POORTRY (439059e2-f756-4c38-8d87-1d3c534f2e16) | Tidal Software | 1
Cuba Ransomware Actors (5216ac81-da4c-4b87-86ce-b90a651f1048) | Tidal Groups | POORTRY (439059e2-f756-4c38-8d87-1d3c534f2e16) | Tidal Software | 1