Threat Hunting//
Threat Hunting Case Study: FileFix
FileFix bypasses Mark of the Web (MotW) protections by hijacking the Windows File Explorer address bar. Here is how to hunt for it.
In 2006, a new type of malware appeared on the scene. Its name was Zeus. It was enormously profitable for its cybercriminal developers, who used it to steal tens of millions of dollars from businesses and organizations of all sizes. Those behind the scheme had honed a new model: cybercrime-as-as-service, where individuals focus on their specialities – creating malware, employing money mules, acting as system administrators. Zeus frustrated victims and left some in ruins. It defeated security processes in financial systems. And it led law enforcement along trails that that went from small businesses in America to Eastern Ukraine and Russia. Sometimes, the trails ran cold. But eventually, one threat actor’s luck ran out.
Participants:
Jason Passwaters, CEO and Co-Founder, Intel 471
Jim Craig, Senior Director, Intelligence Collection Management, Intel 471
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471
