Currently, the tool looks for:
The presence of malware identified by security researchers as TEARDROP and RAINDROP;
Credential dumping certificate pulls;
Certain persistence mechanisms identified as associated with this campaign;
System, network, and M365 enumeration; and
Known observable indicators of lateral movement.
GitHub Repository: github.com/cis...
10 Sep 2024