@TrustedSec Seeing ramp-up of Powershell + malicious HTA in the wild over at @redcanaryco. Varies slightly from publicly disclosed bits.

Keith

@kwm

Fun detection @redcanaryco: No dropped binaries, no ext. comms, trusted processes end-to-end. Still caught it. https://www.redcanary.co/2015/07/29/red-canary-vs-poshrat-detection-in-the-absence-of-malware/

7/30/2015, 4:56:10 AM

Favs: 5

Retweets: 2

link

Keith

@kwm

@TrustedSec Seeing ramp-up of Powershell + malicious HTA in the wild over at @redcanaryco. Varies slightly from publicly disclosed bits.

8/4/2015, 2:43:28 PM

Favs: 0

Retweets: 0

link