Feathers
I would like to bring to your attention that the [Process injection by Qakbot malware](https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/blob/master/Defense%20evasion/qakbot-campaign-process-injection.md) is misleading since the query is actually for the cookie and browsing history theft of...
Corrected the query to the one corresponding to the process injection; the previously published one was for cookie and browsing history theft.
used for DLL sideloading by Chinese APTs
In the sandbox analysis Webex executes the DLL from the path "C:\Users\user\Desktop\CiscoSparkLauncher.dll". Perhaps a new folder should be added for Cisco
Cobalt Strike is abusing Fastly CDN by using quite unique patterns of using 6 subdomains, seen on more than one source. However, this detection might still be the case of...
I would like to suggest, as an improvement, adding details (or a file) with prerequisites for ingesting the attack data in a new Splunk instance. If the data...
### Summary of the Pull Request Added the string "eyJhbGciOi" corresponding to {"alg": from the JWT token header ### Changelog update: Suspicious Office Token Search Via CLI - added 'eyJhbGciOi'...