TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Huntress

Detect and Eliminate Persistent Malware Before It Wreaks Havoc | Huntress

2025-03-07

ATT&CK techniques detected

5 predictions

T1078 Valid Accounts
88%
“…ress was deployed to the environment. Within an hour, every trace of it was identified and eliminated. Want to hunt persistence yourself? Start here: - uncommon scheduled tasks - user registry Run keys - the Windows Startup folder. When RDP goes bad: a medical research company e…”
T1021.001 Remote Desktop Protocol
81%
“…ress was deployed to the environment. Within an hour, every trace of it was identified and eliminated. Want to hunt persistence yourself? Start here: - uncommon scheduled tasks - user registry Run keys - the Windows Startup folder. When RDP goes bad: a medical research company e…”
T1219 Remote Access Tools
78%
“tricked into installing a remote access tool via email. The attacker: - dropped a malicious Cobalt Strike beacon (x64.exe) - tried to install a rogue ScreenConnect instance. Huntress — utilizing its managed Microsoft Defender setup — shut it down before things got worse. But h…”
T1608.006 SEO Poisoning
52%
“employee downloaded Gootloader malware via an SEO poisoning attack. From there: - Huntress EDR flagged anomalous domain enumeration - we found a newly created account: “administralol” - investigated further — turns out, the entry point was Gootloader malware - attackers tried…”
T1547.001 Registry Run Keys / Startup Folder
44%
“…ress was deployed to the environment. Within an hour, every trace of it was identified and eliminated. Want to hunt persistence yourself? Start here: - uncommon scheduled tasks - user registry Run keys - the Windows Startup folder. When RDP goes bad: a medical research company e…”

Summary

Stopping malware isn’t about catching one-off alerts. It’s about finding and shutting down the persistence mechanisms that keep it in your systems. Here’s how Huntress found, fought, and drop-kicked malware that others missed.