SolarMarker Jupyter Infostealer Backdoor malware extravaganza
We recently discovered a PC attempting to contact an odd IP address; our firewall caught it and blocked it due to a "No IP format" rule we have. After this we noticed Bitdefender was picking up some .ps1 files. After researching a bit, this was the Jupyter Infostealer, SolarMarker, and it was on stage 3/4 of its cycle. Although this threat seems to be very good at remaining hidden, there are fingerprints left by it that could be used as indicators of infection. Is there a way to leverage Bitdefender against this threat by monitoring for certain file names, reg entries, hash executions?
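The "No IP format" rule the poster's firewall fired on (an outbound connection to a bare IP literal with no hostname) is easy to reproduce as a log check. The script below is an added example for this thread, not Bitdefender or SolarMarker code; the log line format, the sample lines and the internal-network allowlist are constructed for illustration.

```python
"""Flag outbound connections whose destination is an IP literal rather than a
hostname, the condition behind a "No IP format" style firewall rule.
Constructed example: the log format and sample lines are made up."""
import ipaddress
import re

# Constructed log format: "<time> <src> -> <host-or-ip>:<port> <process>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+):(?P<port>\d+) (?P<proc>.+)$")

# Constructed sample lines; the public addresses are documentation ranges, not IoCs.
SAMPLE_LOG = """\
2023-05-01T10:00:01 10.0.0.15 -> www.example.com:443 chrome.exe
2023-05-01T10:00:07 10.0.0.15 -> 203.0.113.45:443 powershell.exe
2023-05-01T10:00:09 10.0.0.15 -> 10.0.0.2:445 System
2023-05-01T10:00:12 10.0.0.15 -> [2001:db8::10]:443 powershell.exe
2023-05-01T10:00:15 10.0.0.15 -> updates.example.net:80 svchost.exe
"""

# Internal ranges that are allowed to be reached by address (assumed allowlist;
# file shares and domain controllers are normally contacted this way).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fc00::/7", "::1/128")]

def bare_ip(dst):
    """Return the address object if dst is an IPv4 or bracketed IPv6 literal, else None."""
    try:
        return ipaddress.ip_address(dst.strip("[]"))
    except ValueError:
        return None

def is_internal(addr):
    # Mixed-version comparisons (v6 address against a v4 network) are simply False.
    return any(addr in net for net in INTERNAL_NETS)

def find_direct_ip_connections(log_text):
    """Return (timestamp, process, destination) for each connection that went to a
    non-internal IP literal instead of a hostname."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        addr = bare_ip(m["dst"])
        if addr is None or is_internal(addr):
            continue
        hits.append((m["ts"], m["proc"], m["dst"]))
    return hits

if __name__ == "__main__":
    for ts, proc, dst in find_direct_ip_connections(SAMPLE_LOG):
        print(f"{ts} {proc} connected directly to {dst}")
```

Both flagged lines here come from powershell.exe, which is the pairing worth escalating on: a script host talking to an address it never resolved by name.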
Comments
-
Hi @WindowsPretender ,
That's a nice bit of info shared right here. Thank you for your suggestion, I'll pass this on to the info-sec team.
cheers,
Mike
Intel Core i7-7700 @ 3.60GHz, 64GB DDR4 || Gigabyte nVIDIA GeForce® GTX 1070 G1 8GB || WD Blue NAND 500GB + 1TB
-
Hello @WindowsPretender ,
To your question directly, that would be our EDR product: https://www.bitdefender.com/business/enterprise-products/endpoint-detection-response.html.
What solution are you using?
cheers,
Mike
Intel Core i7-7700 @ 3.60GHz, 64GB DDR4 || Gigabyte nVIDIA GeForce® GTX 1070 G1 8GB || WD Blue NAND 500GB + 1TB