WIZARD SPIDER, PINCHY SPIDER, CARBON SPIDER, TWISTED SPIDER, GRACEFUL SPIDER, MUMMY SPIDER, DOPPEL SPIDER, VIKING SPIDER, SPRITE SPIDER, TRAVELING SPIDER
WIZARD SPIDER Targets Financial Institutions
A hidden shell command is launched from a running svchost.exe process on a Windows domain controller.
wmic process where name="svchost.exe" get processid,name,commandline,sessionid,creationdate
tasklist /v
Monitor unusual behavior from svchost.exe instances, in particular the presence of suspicious DLLs leveraging svchost.exe to make unusual network connections to external infrastructure.
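A PowerShell triage pass that extends the two commands and the monitoring guidance above, added here as an example and not part of the original page. The baselines it checks (image path under System32, a -k service group on the command line, services.exe as parent) and the interpreter list are assumptions about normal svchost.exe behavior; hits are leads for review, not verdicts.

```powershell
# Added example; run elevated on the host under review. The baselines below are
# assumptions about normal svchost.exe behavior, not rules taken from the page.
$expectedPath = Join-Path $env:SystemRoot 'System32\svchost.exe'
$shells  = 'cmd.exe','powershell.exe','pwsh.exe','wscript.exe','cscript.exe','mshta.exe'
$private = '^(10\.|127\.|192\.168\.|169\.254\.|172\.(1[6-9]|2\d|3[01])\.|::1$|fe80:|f[cd])'

$all   = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }
$svchost  = @($all | Where-Object { $_.Name -ieq 'svchost.exe' })
$svcPids  = @($svchost | ForEach-Object { [int]$_.ProcessId })
$findings = @()

# 1. svchost.exe instances that deviate from the usual launch profile.
foreach ($s in $svchost) {
    $reasons = @()
    $parent  = $byPid[[int]$s.ParentProcessId]   # may be stale if the parent exited
    if ($s.ExecutablePath -and $s.ExecutablePath -ine $expectedPath) { $reasons += 'unexpected image path' }
    if ($s.CommandLine -and $s.CommandLine -notmatch '\s-k\s') { $reasons += 'no -k service group' }
    if ($parent -and $parent.Name -ine 'services.exe') { $reasons += "parent is $($parent.Name)" }
    if ($reasons) {
        $findings += [pscustomobject]@{ Check = 'launch profile'; ProcessId = $s.ProcessId; Detail = ($reasons -join '; ') }
    }
}

# 2. Interpreters whose parent is svchost.exe. The Task Scheduler service can do
#    this legitimately, so the command line is what needs review.
foreach ($c in $all) {
    if ($svcPids -contains [int]$c.ParentProcessId -and $shells -contains $c.Name) {
        $findings += [pscustomobject]@{ Check = 'shell child'; ProcessId = $c.ProcessId; Detail = $c.CommandLine }
    }
}

# 3. Established TCP connections from svchost.exe to non-private addresses,
#    with any loaded modules that live outside the Windows directory.
$conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $svcPids -contains [int]$_.OwningProcess -and $_.RemoteAddress -notmatch $private }
foreach ($c in $conns) {
    try {
        $mods = @((Get-Process -Id $c.OwningProcess -ErrorAction Stop).Modules |
            Where-Object { $_.FileName -notlike "$env:SystemRoot\*" } | ForEach-Object { $_.FileName })
    } catch { $mods = @('modules not readable') }
    $findings += [pscustomobject]@{ Check = 'external connection'; ProcessId = $c.OwningProcess
        Detail = "$($c.RemoteAddress):$($c.RemotePort) non-Windows modules: $($mods -join ', ')" }
}

$findings | Sort-Object ProcessId | Format-Table -AutoSize -Wrap
```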
Copyright © 2024 Cryptogram Labs - All Rights Reserved.