Activity - IN another example, the #REvil ransomware-as-a-service group used this technique...

LeeArchinal, 4 months ago

IN another example, the #REvil ransomware-as-a-service group used this technique when they targeted the Microsoft Windows Malware Protection Engine and abused it by side-loading a DLL that executed the ransomware. Of course, I can't leave you empty handed, so here is the Community Hunt Package that you can use to hunt for that activity!

Package: Microsoft Malware Protection Engine Abnormal Child Process
Link: https://hunter.cyborgsecurity.io/research/hunt-package/d220e189-4350-41e7-b98e-402c851a5d7b

I hope this helps you get your hunting started or furthers you down the path! Enjoy and Happy Hunting!

#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #gethunting

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ AAKL

AAKL 4 months ago