Since I'm a fan of efficient forensic analysis, I've created a YARA rule that detects downloads blocked by security solutions - uses external var (works in LOKI & THOR) @malmoeb's tweet… @virustotal query……
Replying to @malmoeb
2/ But the best part was: the file was not an executable at all! The proxy prevented the download due to the "Malicious Websites" category. Within the error message from the proxy, the malicious domain was visible. Another easy gained IOC to hunt for 🤠
Show this thread

Jan 28, 2023 · 11:06 AM UTC