LockBit Ransomware Abuses Legitimate Windows Defender Utility

  • 17 August 2022

The LockBit ransomware-as-a-service operation has been observed using a legitimate Windows Defender command-line utility to decrypt and side-load a Cobalt Strike payload.
Initial access was gained through the Log4j vulnerability, CVE-2021-44228, which allowed the threat actors to get onto the system, attempt to run post-exploitation tools such as Meterpreter, Empire and Cobalt Strike, and collect data from the infected device for exfiltration to the attacker-controlled C2.
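As an added detection example (not code from the original post or from any vendor report), the heuristic below flags a Defender command-line utility that runs from, or loads a DLL from, a directory outside Defender's normal install locations, which is the pattern a side-load of a payload through a copied legitimate binary leaves in process and image-load telemetry. The post does not name the utility, so the example assumes MpCmdRun.exe and the standard Defender directories; the event records are constructed.

```python
import ntpath

# Assumption: the post does not name the utility; MpCmdRun.exe is Defender's
# command-line tool and these are the directories it normally runs from.
DEFENDER_UTILITY = "mpcmdrun.exe"
EXPECTED_DIRS = (
    r"c:\program files\windows defender",
    r"c:\programdata\microsoft\windows defender\platform",
)


def is_expected_location(path: str) -> bool:
    """True when the file sits in (or below) a Defender install directory."""
    directory = ntpath.dirname(path).lower()
    return any(directory == d or directory.startswith(d + "\\") for d in EXPECTED_DIRS)


def parse_event(line: str) -> dict:
    """Parse one constructed 'Key=Value|Key=Value' process/image-load record."""
    return dict(field.split("=", 1) for field in line.strip().split("|"))


def flag_sideload_candidates(lines) -> list:
    """Return (event id, reason, path) for each record where the Defender
    utility runs from, or loads a DLL from, a non-Defender directory."""
    hits = []
    for line in lines:
        event = parse_event(line)
        image = event.get("Image", "")
        if ntpath.basename(image).lower() != DEFENDER_UTILITY:
            continue  # only the Defender utility is of interest here
        if not is_expected_location(image):
            hits.append((event["Id"], "utility copied outside Defender dirs", image))
            continue
        loaded = event.get("ImageLoaded", "")
        if loaded and not is_expected_location(loaded):
            hits.append((event["Id"], "DLL loaded from non-Defender dir", loaded))
    return hits


# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    r"Id=1|Image=C:\Program Files\Windows Defender\MpCmdRun.exe|ImageLoaded=C:\Program Files\Windows Defender\engine.dll",
    r"Id=2|Image=C:\Users\Public\Music\MpCmdRun.exe|ImageLoaded=C:\Users\Public\Music\engine.dll",
    r"Id=3|Image=C:\ProgramData\Microsoft\Windows Defender\Platform\1.2.3.4-0\MpCmdRun.exe|ImageLoaded=C:\ProgramData\Microsoft\Windows Defender\Platform\1.2.3.4-0\engine.dll",
    r"Id=4|Image=C:\Program Files\Windows Defender\MpCmdRun.exe|ImageLoaded=C:\Users\Public\helper.dll",
    r"Id=5|Image=C:\Windows\System32\notepad.exe|ImageLoaded=C:\Windows\System32\kernel32.dll",
]

if __name__ == "__main__":
    for hit in flag_sideload_candidates(SAMPLE_EVENTS):
        print(*hit, sep=" | ")
```

Versioned Platform subdirectories are accepted because the check matches any path below the expected directories, so a legitimately updated engine does not trigger an alert.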

