| _id |
62eb6ec8348d24c6a7972c55 |
| reference |
['https://www.virustotal.com/gui/file/ca29912297f84253ef2c1638df3b9424104d723a0c48e765a5441f1df608c0f9/detection', 'https://twitter.com/cyb3rops/status/1554841952520388608/photo/1', 'https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool/'] |
| md5 |
[] |
| sha1 |
[] |
| sha256 |
['ca29912297f84253ef2c1638df3b9424104d723a0c48e765a5441f1df608c0f9'] |
| mail |
[] |
| ip |
[] |
| domain |
[] |
| url |
[] |
| user |
cyb3rops |
| tweet |
That's an interesting beacon loader used in DLL side-loading with MpCmdRun.exe
Sample
https://www.virustotal.com/gui/file/ca29912297f84253ef2c1638df3b9424104d723a0c48e765a5441f1df608c0f9/detection
Report on the DLL side-loading
https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool/ https://twitter.com/cyb3rops/status/1554841952520388608/photo/1 |
| id |
1554841952520388608 |
| retweets |
23 |
| link |
https://twitter.com/cyb3rops/status/1554841952520388608 |
| mentions |
[] |
| hashtags |
[] |
| date |
2022-08-03 14:49:43 |
| timestamp |
1659563383 |