Credit to Author: Tad Heppner| Date: Tue, 25 Feb 2020 13:45:19 +0000
A comprehensive security solution needs a sense of subtlety: not all machine code lends itself to be classified easily as malicious. As with most things in life, there’s a grey area in malware detection that includes hacking tools, poorly designed or easily exploitable applications, or borderline adware that provides little benefit to the unfortunate user […]
Credit to Author: Jayesh kulkarni| Date: Wed, 15 Jan 2020 14:13:09 +0000
With almost 200 extensions, STOP (djvu) ransomware can be said to be 2019’s most active and widespread ransomware. Although this ransomware was active a year before, it started its campaign aggressively in early 2019. To evade detection, it has been continuously changing its extensions and payloads. For earlier infections, data…
Credit to Author: Naked Security writer| Date: Thu, 12 Dec 2019 16:31:25 +0000
These crooks stashed a message in the virus code itself – we found it, but we don’t know which way to take it!
Credit to Author: rajeshnataraj| Date: Tue, 01 Oct 2019 04:01:09 +0000
SophosLabs are monitoring a significant spike in crypto mining attacks, which spread quickly across enterprise networks. Starting from a single infection, these attacks use a variety of malicious scripts that, eventually, turn an enterprise’s large pool of CPU resources into efficient cryptocurrency mining slaves. The threat actors behind these campaigns have been using an array […]
Credit to Author: Eric Avena| Date: Tue, 03 Sep 2019 16:00:03 +0000
We adopted a deep learning technique that was initially developed for natural language processing and applied it to expand Microsoft Defender ATP’s coverage of detecting malicious PowerShell scripts, which continue to be a critical attack vector.