==================================================

CREATED: WIN-SUSPECT-NOBLIS-RANSOM (#1917)

Description

This detector identifies the Noblis ransomware loading specific Python modules related to cryptography functions and Windows APIs into memory.

ATT&CK Technique T1471

==================================================

CREATED: ANY-PERL-ENCODED-BASE64 (#1918)

Description

This detector identifies the execution of a Perl script with Base64 encoding. This behavior is used to deliver and execute encoded commands to evade detection. 

ATT&CK Technique T1064

==================================================

CREATED: OSX-OPEN-TMP (#1922)

Description

This detector identifies instances of the macOS open command with a suspect command line. This technique is used by adversaries to deploy adware maliciously.

ATT&CK Technique T1059
