@BushidoUK
Created September 28, 2024 11:13
ossec-win32 used by Storm-0501
https://www.ossec.net/about/
OSQuery used by Storm-0501
https://www.osquery.io/
GitGuardian used by Scattered Spider*
https://www.gitguardian.com/
MAGNET RAM Capture used by Scattered Spider*
https://www.magnetforensics.com/resources/magnet-ram-capture/
Volatility used by Scattered Spider*
https://volatilityfoundation.org/
Avast Anti-Rootkit driver used by Cuba, AvosLocker, MONTI
https://www.avast.com/c-rootkit-scanner-tool
ThreatFire System Monitor driver used by RansomHub
https://web.archive.org/web/20080822102358/http://www.threatfire.com/features/
Universal Virus Sniffer used by Phobos
https://www.majorgeeks.com/files/details/universal_virus_sniffer.html
Zemana Anti-Rootkit driver used by Qilin, Akira, BlackByte
https://zemana.com/us/antimalware.html
GMER used by BlackSuit, Royal, PLAY, LockBit, Bassterlord*, Conti, 8BASE, TargetCompany, Hive, Avaddon, MONTI
http://www.gmer.net/
FileShredder used by BlackCat
https://www.fileshredder.org/