Object ID 88 contains compressed stream data.
Object ID 79 contains compressed stream data: /CIDInit /ProcSet findresource begin
Object ID 70 contains compressed stream data: /CIDInit /ProcSet findresource begin
Object ID 65 contains compressed stream data: No filters
Object ID 61 contains compressed stream data: No filters
Object ID 49 contains compressed stream data: No filters
Object ID 4 contains compressed stream data: No filters
Possibly tries to communicate over SSL connection (HTTPS)
Reads information about supported languages
Adversaries may attempt to get a listing of open application windows.
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
An adversary may compress or encrypt data that is collected prior to exfiltration using 3rd party libraries.
Contains object with compressed stream data
Adversaries may target user email to collect sensitive information.
Found a potential E-Mail address in binary/memory
Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol.
Adversaries may abuse various implementations of JavaScript for execution.
Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges.
Found a string that may be used as part of an injection method
Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.