Threat Hunting//
Threat Hunting Case Study: FileFix
FileFix bypasses Mark of the Web (MotW) protections by hijacking the Windows File Explorer address bar. Here is how to hunt for it.
The online game Axie Infinity is colorful and eye catching. It resembles Pokemon and is filled with cute digital creatures. To play the game, players use virtual currency to buy and sell these creatures and can earn it by battling each other. In 2021, the company behind Axie Infinity was worth $3 billion and backed by Silicon Valley dollars. But this virtual world and the enormous amount of virtual money in this world came into the sights of an adversary. In a matter of minutes in March 2022, Axie Infinity saw nearly $600 million worth of virtual currency stolen from its wallets. The hackers weren’t just cybercriminals. They were nation-state hackers from North Korea. But investigators were hot on their heels.
Participants:
Erin Plante, Vice President, Investigations, Chainalysis
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471
