CatB (also called CatB99 or Baxtoy) is a ransomware family that was first detected in late 2022. Since November, its attacks have been reported consistently; they use DLL hijacking via the Microsoft Distributed Transaction Coordinator (MSDTC) to extract and launch the ransomware payloads. CatB has drawn attention because its ransom notes and the modifications made by the ransomware are similar to those of Pandora, suggesting that it may be a new version or a direct rebrand of the Pandora ransomware that targeted the automotive industry in the first half of 2022.