Windows 10: protection, detection, and response against recent Depriz malware attacks - Microsoft Security Blog
Common Information
Type Value
UUID 0c0750b5-8164-4a69-9a3c-f4b43b9904f6
Fingerprint 950309586f368616
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 9, 2016, 5:34 p.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Oct. 1, 2024, 2:34 p.m.
Headline Windows 10: protection, detection, and response against recent Depriz malware attacks
Title Windows 10: protection, detection, and response against recent Depriz malware attacks - Microsoft Security Blog
Detected Hints/Tags/Attributes 51/1/13
Attributes
Details Type #Events CTI Value
Details File 4
ntssrvr32.exe
Details File 3
ntssrvr64.exe
Details File 3
routeman.exe
Details File 5
drdisk.sys
Details Windows Registry Key 1
HKLM\System\CurrentControlSet\Control\SystemBootDevice
Details Windows Registry Key 1
HKLM\System\CurrentControlSet\Control\FirmwareBootDevice