TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Huntress

Threat Recap: Huntress Managed EDR Trial by Fire | Huntress

2022-01-25

ATT&CK techniques detected

5 predictions
T1486 Data Encrypted for Impact
98%
“Threat Recap: Huntress Managed EDR Trial by Fire | Huntress In cybersecurity, time is critical. Whether you’re chasing down a threat actor who’s laterally moving through your networks or working to isolate a host to stop a ransomware attack in its tracks, even one second can…”
T1505.003 Web Shell
98%
“that if a web shell is discovered, the tool does not do anything to remove the web shell. We continued to analyze this and decided that the best way to ensure that no web shells exist on the system would be to restore from backups. In order to do this, we really needed to downloa…”
T1219 Remote Access Tools
98%
“After a quick investigation, it’s determined that it’s Cobalt Strike, a remote access tool (RAT) that attackers use to maintain unauthorized access to either install additional malicious software (e.g. ransomware) or attempt to laterally move through the network to other…”
T1505.003 Web Shell
45%
“…t that includes all of our partners with customers using VMware Horizon servers. We give that to our sales team, executives and others who were anxious to give a lending hand to our partners. After a short period of time, ThreatOps is able to update the list to include other ke…”
T1486 Data Encrypted for Impact
33%
“After a quick investigation, it’s determined that it’s Cobalt Strike, a remote access tool (RAT) that attackers use to maintain unauthorized access to either install additional malicious software (e.g. ransomware) or attempt to laterally move through the network to other…”

Summary

See how Huntress Managed Endpoint Detection and Response (EDR) helped combat follow-on attacks against VMware Horizon servers in real time.