First cc.bat for reconnaissance

Once the scheduled task is triggered, a previously deployed batch file, %System%cc.bat, is executed on the remote machine. Based on our telemetry, this batch file launches commands to gather system information. Among the commands executed are:

    powershell.exe -command "Get-NetAdapter |select InterfaceGuid"
    arp -a
    ipconfig /all
    fsutil fsinfo drives
    query user
    net […]
Microsoft’s scheduled Patch Tuesday security update for February includes fixes for two zero-day security vulnerabilities under active attack, plus 71 other flaws across a wide range of its products. In all, five of the vulnerabilities for which Microsoft issued a February patch were rated as critical, 66 as important, and two as moderate. The update […]