Discover and read the best of Twitter Threads about #RDFSNIFFER


🤙💰 Mahalo FIN7: fireeye.com/blog/threat-re…
• On several ongoing investigations we saw #FIN7 trying to retool 🏄🏼
• Used DLL search order hijacking of a legit POS management utility with a signed backdoor (0 detections on VirusTotal)
• Hunting for #BOOSTWRITE and #RDFSNIFFER 💳
.@josh__yoder & I stayed up much of the night to get this blog out.
The signed #BOOSTWRITE sample is still undetected by static VT scanners: virustotal.com/gui/file/18cc5…
We were fair on why that is and how that doesn't fully represent detection posture.
Then we provided hunting rules.
#FIN7's code signing certificate is purportedly from Mango Enterprise Limited in the UK.
Prob not theirs - based on the street address, I suspect there's more car theft than certificate theft 😜: maps.app.goo.gl/MbznDeJPHJr4n5…

We analyze & discuss how to find the certificate anomalies!
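The thread mentions DLL search order hijacking of a legitimate, signed utility but does not show how the loader decides which copy of a DLL wins. The following is an added example, not code from the thread or from the FireEye post it links: a small model of the Windows load-order resolution (SafeDllSearchMode on) that, given an executable's imports and a map of which directories contain which DLLs, flags the two cases an attacker who can write to the application directory cares about: a planted DLL that shadows a system copy (sideload) and an import that exists nowhere on the search path (phantom DLL). The application name, import list, directory contents and the KnownDLLs subset are all constructed for illustration and do not describe any real POS product or FIN7 sample.

```python
"""Added example: model Windows DLL search order to spot hijack candidates.

All names and directory contents below are constructed assumptions for
illustration; they do not describe a real utility or a real sample.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Simplified SafeDllSearchMode order: the directory the executable was loaded
# from is searched first, before the system directories, then CWD and PATH.
SEARCH_ORDER = [
    "app_dir",
    r"C:\Windows\System32",
    r"C:\Windows\System",
    r"C:\Windows",
    "cwd",
    "path",
]

# KnownDLLs are mapped from the loader's section cache and never searched on
# disk, so a copy in the application directory does not hijack them.
# This is a small subset, listed here as an assumption for the example.
KNOWN_DLLS = {"kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll", "gdi32.dll"}


@dataclass
class Resolution:
    dll: str
    loaded_from: Optional[str]            # directory the loader picks, None if absent
    shadows: List[str] = field(default_factory=list)  # later dirs that also hold it


def build_order(app_dir: str, cwd: str, path_dirs: List[str]) -> List[str]:
    """Expand SEARCH_ORDER into concrete directories, de-duplicated in order."""
    expanded: List[str] = []
    for entry in SEARCH_ORDER:
        if entry == "app_dir":
            expanded.append(app_dir)
        elif entry == "cwd":
            expanded.append(cwd)
        elif entry == "path":
            expanded.extend(path_dirs)
        else:
            expanded.append(entry)
    seen: Set[str] = set()
    return [d for d in expanded if not (d in seen or seen.add(d))]


def resolve_imports(imports: List[str], dirs: Dict[str, Set[str]],
                    app_dir: str, cwd: str, path_dirs: List[str]) -> List[Resolution]:
    """Return one Resolution per imported DLL name (case-insensitive)."""
    order = build_order(app_dir, cwd, path_dirs)
    results = []
    for name in imports:
        name = name.lower()
        if name in KNOWN_DLLS:
            results.append(Resolution(name, "KnownDLLs"))
            continue
        hits = [d for d in order if name in dirs.get(d, set())]
        results.append(Resolution(name, hits[0] if hits else None, hits[1:]))
    return results


def hijack_candidates(resolutions: List[Resolution], app_dir: str) -> Dict[str, str]:
    """Flag loads that someone controlling app_dir could influence."""
    findings: Dict[str, str] = {}
    for r in resolutions:
        if r.loaded_from == app_dir and r.shadows:
            findings[r.dll] = "sideload: app-dir copy shadows " + r.shadows[0]
        elif r.loaded_from is None:
            findings[r.dll] = "phantom: not found on search path, plantable in app dir"
    return findings


# Constructed scenario (hypothetical names): a signed management utility whose
# directory now also holds a copy of version.dll, and which imports a DLL that
# is not installed anywhere.
APP_DIR = r"C:\Program Files\ExamplePOS"
DIRS = {
    APP_DIR: {"examplepos.exe", "posconfig.dll", "version.dll"},
    r"C:\Windows\System32": {"version.dll", "ws2_32.dll", "kernel32.dll"},
}
IMPORTS = ["KERNEL32.dll", "VERSION.dll", "ws2_32.dll", "posconfig.dll", "posreport.dll"]


def run_example() -> Dict[str, str]:
    res = resolve_imports(IMPORTS, DIRS, APP_DIR, cwd=APP_DIR, path_dirs=[])
    return hijack_candidates(res, APP_DIR)


if __name__ == "__main__":
    for dll, why in run_example().items():
        print(f"{dll}: {why}")
```

On a real host the directory map comes from walking the application directory and the system directories, and the import list from the PE import table; the point of the model is that a DLL the utility ships privately (posconfig.dll here) is not a finding, whereas a system DLL name appearing in the application directory, or an import that resolves nowhere, is exactly the spot where a signed binary can be made to load attacker code.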

