Bypassing EDR Real-Time Injection Detection Logic - RedBluePurple
Common Information
Type | Value |
---|---|
UUID | b1e42f3e-f2f1-4b45-8691-101d41dcf2ee |
Fingerprint | f728895735e39459 |
Analysis status | DONE |
Considered CTI value | 1 |
Text language | |
Published | April 8, 2020, midnight |
Added to db | Jan. 18, 2023, 8:48 p.m. |
Last updated | Nov. 17, 2024, 11:40 p.m. |
Headline | Bypassing EDR Real-Time Injection Detection Logic |
Title | Bypassing EDR Real-Time Injection Detection Logic - RedBluePurple |
Detected Hints/Tags/Attributes | 55/2/11 |
Attributes
Details | Type | #Events | CTI | Value
---|---|---|---|---
Details | Domain | 3 | | ela.st
Details | Domain | 4128 | | github.com
Details | File | 149 | | msbuild.exe
Details | File | 533 | | ntdll.dll
Details | File | 14 | | beacon.dll
Details | Github username | 17 | | elastic
Details | Github username | 1 | | falconforceteam
Details | MITRE ATT&CK Techniques | 440 | | T1055
Details | Url | 1 | | https://ela.st/mitre-round3
Details | Url | 1 | | https://github.com/elastic/detection-rules
Details | Url | 1 | | https://github.com/falconforceteam/falconfriday