Source |
Security Affairs |
Identifier |
6089536 |
Publication date |
2022-08-02 12:30:55 (viewed: 2022-08-02 13:05:38) |
Title |
LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender |
Text |
An affiliate of the LockBit 3.0 RaaS operation has been abusing the Windows Defender command-line tool to deploy Cobalt Strike payloads. During a recent investigation, SentinelOne researchers observed threat actors associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation abusing the Windows Defender command-line tool MpCmdRun.exe to decrypt and load Cobalt Strike payloads. The attackers initially compromise the target […]
|
Sent |
Yes |
Tags |
Tool
Threat
|