Threat Hunting//
Threat Hunting Case Study: FileFix
FileFix bypasses Mark of the Web (MotW) protections by hijacking the Windows File Explorer address bar. Here is how to hunt for it.
[Image: Cybercrime Exposed Botnet Breakup]
Over many years, a cybercriminal gang likely based in Russia built a huge network of interconnected, hacked computers. They did this one inbox at a time. They sent spam messages with fake documents and malicious links, tricking people into opening malicious software. The network of hacked computers was called Qakbot, or QBot. The botnet was used by cybercriminal gangs to infiltrate computers, steal their data, conduct financial crime and deploy ransomware. But in 2023, law enforcement hacked the hackers. They cut Qakbot off from the cybercriminal group that controlled it. They also removed Qakbot from hundreds of thousands of infected computers, a mission that stretched across the internet. But the battle against this group continues.
Participants:
Selena Larson, Senior Threat Intelligence Analyst, Proofpoint
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471
