LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender

2 August 2022

An affiliate of the LockBit 3.0 RaaS operation has been abusing the Windows Defender command-line tool to deploy Cobalt Strike payloads. During a recent investigation, SentinelOne researchers observed threat actors associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation abusing the Windows Defender command line tool MpCmdRun.exe to decrypt and load Cobalt Strike payloads.

Read full article on Security Affairs

Date:

2 August 2022

Categorie(s):

NEWS

Tag(s):

Cobalt Strike, Cybercrime, Payloads, Ransomware, Windows Defender

‘Absolute joke’: customers’ personal data exposed amid Pandemonium Rocks festival refund stoush24 April 2024
CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers24 April 2024
GenAI can enhance security awareness training24 April 2024
AI set to play key role in future phishing attacks24 April 2024
Cybersecurity jobs available right now: April 24, 202424 April 2024

LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender￼

LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender