Taggart :donor: on Nostr:
Okay, who wants some handcrafted, artisanal #ThreatIntel? The latest versions of LummaStealer use BitLockerToGo.exe as a process hollowing/injection target to do its second stage work.
Detecting execution or network activity from this binary is high-fidelity. Nobody uses it in real life.
Published at 2024-06-28 22:12:07

Event JSON
{
  "id": "1eba907a62112498b92b0d89403896b87f2b1aed7929ccba20e5ddd1e91afccc",
  "pubkey": "4afb3830f7c5db05d5934438779f63c3ed1401aa03a2eb0cc3cda743633aea61",
  "created_at": 1719612727,
  "kind": 1,
  "tags": [
    [
      "t",
      "threatintel"
    ],
    [
      "proxy",
      "https://infosec.town/notes/9v2tbxzdkvomoxkt",
      "activitypub"
    ]
  ],
  "content": "Okay, who wants some handcrafted, artisanal #ThreatIntel? The latest versions of LummaStealer use BitLockerToGo.exe as a process hollowing/injection target to do its second stage work.\n\nDetecting execution or network activity from this binary is high-fidelity. Nobody uses it in real life.\n\nhttps://media.infosec.town/media/35e486de-f482-4e66-bd62-88ca9243d55e.png",
  "sig": "896950daf977d600c56dad124711082d66e4699eca63d5966e49a40a533bac8fe839f5a497a35fb2514867ecf815120746404d0aaa840f085c6cf5f83c074e3d"
}
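
The detection idea in the post, as an added example that is not part of the original post: flag process-creation and network-connection events whose image is BitLockerToGo.exe. It assumes Sysmon-style events (EventID 1 and 3) exported as one JSON object per line; the sample events, paths, addresses and the `detect` helper are constructed for illustration.

```python
import json
import ntpath

TARGET = "bitlockertogo.exe"
# Sysmon event IDs: 1 = process creation, 3 = network connection
WATCHED = {1: "process_create", 3: "network_connect"}

# Constructed sample events, not real telemetry. The last two lines exercise
# a look-alike file name and a malformed record.
SAMPLE_LOG = r'''
{"EventID": 1, "Image": "C:\\Windows\\System32\\BitLockerToGo.exe", "ParentImage": "C:\\Users\\user\\Downloads\\setup.exe", "ProcessId": 4120}
{"EventID": 3, "Image": "c:\\windows\\system32\\BITLOCKERTOGO.EXE", "DestinationIp": "203.0.113.10", "DestinationPort": 443, "ProcessId": 4120}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe", "ProcessId": 5001}
{"EventID": 3, "Image": "C:\\Temp\\NotBitLockerToGo.exe", "DestinationIp": "198.51.100.7", "DestinationPort": 80, "ProcessId": 5100}
truncated line that is not JSON
'''

def detect(lines):
    """Return one alert per watched event whose image is BitLockerToGo.exe."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the run
        if not isinstance(ev, dict):
            continue
        kind = WATCHED.get(ev.get("EventID"))
        image = ev.get("Image") or ""
        # Compare the exact file name, case-insensitively, using Windows path
        # rules so the check also works when the log is processed on Linux.
        if kind is None or ntpath.basename(image).lower() != TARGET:
            continue
        alert = {"kind": kind, "image": image, "pid": ev.get("ProcessId")}
        if kind == "process_create":
            alert["parent"] = ev.get("ParentImage")
        else:
            alert["dest"] = f'{ev.get("DestinationIp")}:{ev.get("DestinationPort")}'
        alerts.append(alert)
    return alerts

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(a)
```

The parent image on the process-creation alert and the destination on the network alert are the fields to pivot on during triage.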