Cisco Talos: Qilin EDR killer infection chain
Pulse ID: 69d33a5e7b8174614730aac9
Pulse Link: https://otx.alienvault.com/pulse/69d33a5e7b8174614730aac9
Pulse Author: Tr1sa111
Created: 2026-04-06 04:45:18
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cisco #CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #Talos #bot #Tr1sa111
Securing the Supply Chain: How SentinelOne's AI EDR Stops the ...
Pulse ID: 69d33ab7ea748feb1c34bdaa
Pulse Link: https://otx.alienvault.com/pulse/69d33ab7ea748feb1c34bdaa
Pulse Author: Tr1sa111
Created: 2026-04-06 04:46:47
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #SentinelOne #SupplyChain #bot #Tr1sa111
Securing the Supply Chain: How SentinelOne's AI EDR Stops the ...
On March 31, 2026, a North Korean state actor hijacked the npm credentials of the primary Axios maintainer and published two backdoored releases that deployed a cross-platform remote access trojan (RAT) to Windows, macOS, and Linux systems. Axios is the most widely used HTTP client in the JavaScript ecosystem, with approximately 100 million weekly downloads and a presence in roughly 80% of cloud and code environments.
Pulse ID: 69cf03e05f6b299dc3efd2cd
Pulse Link: https://otx.alienvault.com/pulse/69cf03e05f6b299dc3efd2cd
Pulse Author: AlienVault
Created: 2026-04-03 00:03:44
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Cloud #CyberSecurity #EDR #HTTP #InfoSec #Java #JavaScript #Korea #Linux #Mac #MacOS #NPM #NorthKorea #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SentinelOne #SupplyChain #Trojan #Windows #bot #iOS #AlienVault
Cisco Talos: Qilin EDR killer infection chain
Endpoint detection and response (EDR) tools are widely deployed and far more capable than traditional antivirus. As a result, attackers use EDR killers to disable or bypass them. The malicious “msimg32.dll” used in Qilin ransomware attacks, which is a multi-stage infection chain targeting EDR systems. It can terminate over 300 different EDR drivers from almost every vendor in the market.
Pulse ID: 69ce8a077d7ad13478a8e495
Pulse Link: https://otx.alienvault.com/pulse/69ce8a077d7ad13478a8e495
Pulse Author: AlienVault
Created: 2026-04-02 15:23:51
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cisco #CyberSecurity #EDR #Endpoint #EndpointDetectionandResponse #InfoSec #OTX #OpenThreatExchange #RansomWare #Talos #bot #AlienVault
Страшно, когда не видно: аудит сетевых устройств
Представьте, что вы не знаете, какие устройства подключены к вашей сети, как они настроены и что там происходит. Страшно? Ещё бы! Многие компании как раз так и живут — не уделяют внимания аудиту сетевого оборудования. А зря. Без такой инвентаризации невозможно ни нормально управлять ИТ-инфраструктурой, ни защититься от угроз. Мы наблюдаем в инфраструктуре клиентов это так часто, что поняли – нужно выдать базу. Мы – это руководитель практики развития MaxPatrol Carbon Константин Маньяков и эксперт центра безопасности (PT ESC) Данил Зарипов, и в этой статье мы будем разбираться в ключевых аспектах аудита сетевых устройств, его роли в построении эффективного управления активами и повышении уровня защищенности ИТ-инфраструктуры.
https://habr.com/ru/companies/pt/articles/1016806/
#maxpatrol_carbon #ptesc #pci_dss #cdp #lldp #mitm #arpspoofing #edr #bgp #nat
EDR killers explained: Beyond the drivers
Pulse ID: 69bf24fd2e9c27ef1394f08c
Pulse Link: https://otx.alienvault.com/pulse/69bf24fd2e9c27ef1394f08c
Pulse Author: Tr1sa111
Created: 2026-03-21 23:08:45
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111
How a Tax Search Leads to Kernel-Mode AV/EDR Kill
Pulse ID: 69bf25078f1db9fa6faaefac
Pulse Link: https://otx.alienvault.com/pulse/69bf25078f1db9fa6faaefac
Pulse Author: Tr1sa111
Created: 2026-03-21 23:08:55
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #bot #Tr1sa111
"EDR killers explained: Beyond the drivers"
https://www.welivesecurity.com/en/eset-research/edr-killers-explained-beyond-the-drivers/
EDR killers explained: Beyond the drivers
This analysis explores the ecosystem of EDR (Endpoint Detection and Response) killers, tools used by ransomware attackers to disrupt security solutions before deploying encryptors. The research, based on almost 90 EDR killers tracked in the wild, reveals that these tools are fundamental in modern ransomware operations. Affiliates, not operators, typically choose EDR killers, leading to greater tooling diversity in larger affiliate pools. The same vulnerable driver can appear in unrelated tools, and tools can switch between drivers, making driver-based attribution unreliable. The landscape includes forked proofs of concept, professional implementations, and commercial offerings. While Bring Your Own Vulnerable Driver (BYOVD) technique dominates, custom scripts, anti-rootkits, and driverless approaches are also utilized. The analysis emphasizes the importance of looking beyond drivers to understand the full scope of EDR killer ecosystem and its implications for cybersecurity.
Pulse ID: 69bc161ca8746db879422810
Pulse Link: https://otx.alienvault.com/pulse/69bc161ca8746db879422810
Pulse Author: AlienVault
Created: 2026-03-19 15:28:28
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #EDR #Endpoint #EndpointDetectionandResponse #InfoSec #OTX #OpenThreatExchange #RAT #RansomWare #Rootkit #bot #AlienVault
How a Tax Search Leads to Kernel-Mode AV/EDR Kill
A large-scale malvertising campaign targeting U.S. tax form searchers has been uncovered. The attack chain begins with Google Ads, using dual commercial cloaking services to evade detection. Victims are directed to rogue ScreenConnect installers, leading to a multi-stage crypter that ultimately deploys a BYOVD (Bring Your Own Vulnerable Driver) tool. This tool, named HwAudKiller, exploits a previously undocumented Huawei audio driver to terminate antivirus and EDR processes from kernel mode. The campaign's sophistication lies in its use of commodity tools and services, combining free-tier ScreenConnect instances, off-the-shelf crypters, and a signed driver with an exploitable weakness. The attackers consistently deploy multiple remote access tools on compromised hosts for redundancy, indicating a likely pre-ransomware or initial access broker operation.
Pulse ID: 69bc8d909b5c7bee4ed80899
Pulse Link: https://otx.alienvault.com/pulse/69bc8d909b5c7bee4ed80899
Pulse Author: AlienVault
Created: 2026-03-19 23:58:08
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #EDR #ELF #Google #GoogleAds #InfoSec #Malvertising #OTX #OpenThreatExchange #RAT #RansomWare #ScreenConnect #bot #AlienVault
OTX Bot
Habr
~w00p~
