"…services. When executed, these services attempt to propagate the malware and move laterally through the network via administrative shares. Emotet persistence: in addition to services, Emotet has been known to use scheduled tasks and registry run keys. Perhaps a good task for autom…"
T1059.001 PowerShell (83%)
"SOC in action: our blog is full of examples that showcase the power of human threat hunting, but there are hundreds more that we just haven't been able to write about yet. To give you a taste, we've come across things like fake antivirus programs where malware masqueraded as …"
T1059 Command and Scripting Interpreter (66%)
"Automation is great for certain aspects, such as catching and flagging known malware patterns. But a human analyst can decipher what is truly malicious or spot a command that was designed to evade antivirus. In my opinion, threat hunting is strongest when you have automation and …"
T1018 Remote System Discovery (60%)
"Automation is great for certain aspects, such as catching and flagging known malware patterns. But a human analyst can decipher what is truly malicious or spot a command that was designed to evade antivirus. In my opinion, threat hunting is strongest when you have automation and …"
T1059 Command and Scripting Interpreter (58%)
"Hey, a cmd.exe program is running as a child process to my Microsoft Word program." They have the know-how that this is very suspicious and shouldn't be happening. Obviously, that is a simple example; automated solutions could detect that strange behavior, but only because …"
T1569.002 Service Execution (32%)
"…other well-known strains such as TrickBot or Dridex; other times it's highly destructive ransomware like Ryuk. The good news is that Emotet isn't invisible; it does leave traces that can be detected if you know what to look for. As described in this alert, "Emotet artifac…"
Summary
In this blog, we define what threat hunting is, the differences between human analysis and automation, plus an example of human-powered threat hunting.