Bypassing EDR Real-Time Injection Detection Logic - RedBluePurple
Common Information
Type Value
UUID b1e42f3e-f2f1-4b45-8691-101d41dcf2ee
Fingerprint f728895735e39459
Analysis status DONE
Considered CTI value 1
Text language
Published April 8, 2020, midnight
Added to db Jan. 18, 2023, 8:48 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline Bypassing EDR Real-Time Injection Detection Logic
Title Bypassing EDR Real-Time Injection Detection Logic - RedBluePurple
Detected Hints/Tags/Attributes 55/2/11
Attributes
Details Type #Events CTI Value
Details Domain 3 ela.st
Details Domain 4128 github.com
Details File 149 msbuild.exe
Details File 533 ntdll.dll
Details File 14 beacon.dll
Details Github username 17 elastic
Details Github username 1 falconforceteam
Details MITRE ATT&CK Techniques 440 T1055
Details Url 1 https://ela.st/mitre-round3
Details Url 1 https://github.com/elastic/detection-rules
Details Url 1 https://github.com/falconforceteam/falconfriday