Taggart :donor: on Nostr: Okay, who wants some handcrafted, artisanal #ThreatIntel? The latest versions of ...
Okay, who wants some handcrafted, artisanal #ThreatIntel? The latest versions of LummaStealer use `BitLockerToGo.exe` as a process hollowing/injection target to do its second stage work.
Detecting execution or network activity from this binary is high-fidelity. Nobody uses it in real life.
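Detection logic for the indicator in the post, as an added example that is not part of the original note: it runs over constructed Sysmon-style process-creation (EventID 1) and network-connection (EventID 3) records, whose field names and values are assumed, and flags any BitLockerToGo.exe execution or outbound connection regardless of path or casing.

```python
from pathlib import PureWindowsPath

TARGET_IMAGE = "bitlockertogo.exe"   # indicator from the post above

# Constructed sample telemetry in a Sysmon-like shape (EventID 1 = process
# creation, 3 = network connection); field names and values are assumed.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4120, "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 1, "ProcessId": 5532, "Image": r"C:\Windows\System32\BitLockerToGo.exe",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\setup.exe"},
    {"EventID": 3, "ProcessId": 5532, "Image": r"C:\Windows\System32\BitLockerToGo.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 3, "ProcessId": 4120, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
]

def image_name(path):
    """Basename of a Windows path, lower-cased, so matching ignores directory and case."""
    return PureWindowsPath(path).name.lower()

def classify(event):
    """Return an alert string if the event involves BitLockerToGo.exe, else None."""
    if image_name(event.get("Image", "")) != TARGET_IMAGE:
        return None
    pid = event.get("ProcessId")
    if event.get("EventID") == 1:
        # Any execution is worth an alert; the parent is recorded for triage context.
        parent = image_name(event.get("ParentImage", "")) or "unknown"
        return f"execution: pid {pid} started by {parent}"
    if event.get("EventID") == 3:
        # Outbound traffic from this binary is the second indicator named in the post.
        return f"network: pid {pid} -> {event['DestinationIp']}:{event['DestinationPort']}"
    return None

def scan(events):
    """Run classify() over a batch of events and return the non-empty alerts."""
    return [alert for alert in map(classify, events) if alert]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```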
Published at 2024-06-28 22:12:07
Event JSON
{
  "id": "3bc6fec1bbf72969cde430650bd3732006f203cea02a00fee56bbd9c99283077",
  "pubkey": "a98c70a003b0874720fd4893f0abcaaa244610dc1dc69258be8953c395415658",
  "created_at": 1719612727,
  "kind": 1,
  "tags": [
    [
      "t",
      "threatintel"
    ],
    [
      "imeta",
      "url https://media.infosec.town/media/35e486de-f482-4e66-bd62-88ca9243d55e.png",
      "m image/png"
    ],
    [
      "proxy",
      "https://infosec.town/notes/9v2tbxzdkvomoxkt",
      "activitypub"
    ],
    [
      "L",
      "pink.momostr"
    ],
    [
      "l",
      "pink.momostr.activitypub:https://infosec.town/notes/9v2tbxzdkvomoxkt",
      "pink.momostr"
    ],
    [
      "expiration",
      "1722205119"
    ]
  ],
  "content": "Okay, who wants some handcrafted, artisanal #ThreatIntel? The latest versions of LummaStealer use `BitLockerToGo.exe` as a process hollowing/injection target to do its second stage work.\n\nDetecting execution or network activity from this binary is high-fidelity. Nobody uses it in real life.\nhttps://media.infosec.town/media/35e486de-f482-4e66-bd62-88ca9243d55e.png\n",
  "sig": "47b3a58c9e10071823b505a70d1fd03e88274c29371f0c5d797c0550c78c965088117a54e742531d5def4b9cbcdcc68bbb65beb81b6af6bd3e7cb9fbb8efec44"
}