Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures - RedPacket Security
Tags
country: China
attack-pattern: Code Signing - T1553.002 Code Signing Certificates - T1587.002 Code Signing Certificates - T1588.003 Hooking - T1617 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Code Signing - T1116 Hooking - T1179 Hooking
Show in Graph
Common Information
Type Value
UUID ad8bc498-d3e2-4ba6-b3e1-8f59c69e52c0
Fingerprint 3d518d3f093eb284
Analysis status DONE
Considered CTI value 0
Text language
Published July 11, 2023, 9:03 p.m.
Added to db July 11, 2023, 10:28 p.m.
Last updated Nov. 17, 2024, 6:50 p.m.
Headline RedPacket Security
Title Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures - RedPacket Security
Detected Hints/Tags/Attributes 50/2/2
Source URLs
Redirection Url
Details Source https://www.redpacketsecurity.com/hackers-exploit-windows-policy-loophole-to-forge-kernel-mode-driver-signatures/
URL Provider
Details Provider Source level domain
Details redpacketsecurity.com www.redpacketsecurity.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 361 RedPacket Security https://www.redpacketsecurity.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 2 
dnfclientshell32.exe
Details IPv4 1441 
127.0.0.1