Sigma rule to detect #Winnti malware process starts as described in ESET's recent blog post on a campaign against HK universities
(derived from sandbox reports - won't share them yet)
Sigma Rule
https://github.com/Neo23x0/sigma/blob/master/rules/windows/process_creation/win_apt_winnti_mal_hk_jan20.yml
Report
https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/
06:52 - 1 Feb 2020
0 replies
46 Retweets
96 Likes