Realize that an antivirus alert doesn't mean the problem is solved. The antivirus usually just detects a single remnant linked to a bigger problem.
@jepayneMSFT says “... WMI persistence often needs a post detection remediation step ... like rebuilding the WMI database. For attackers this is a great advantage, especially in less informed IT organizations who might think an AV pop up means 'problem solved.'..”
https://twitter.com/jepaynemsft/status/964572908973572096
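
One check to run after an antivirus alert on a host where WMI persistence is suspected, as an added example (not from the quoted tweet or the original post): a read-only PowerShell audit that lists each permanent WMI event subscription with its trigger query and action, plus any unbound leftovers. It assumes an elevated session on the affected host and covers only the `root/subscription` namespace.

```powershell
# Added example: read-only audit of WMI permanent event subscriptions.
# Assumption: only root/subscription is checked; other namespaces need the same pass.
$ns = 'root/subscription'

$filters   = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter)
$consumers = @(Get-CimInstance -Namespace $ns -ClassName __EventConsumer)
$bindings  = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)

# Join each binding to its filter (the trigger) and its consumer (the action).
$report = foreach ($b in $bindings) {
    $type = $b.Consumer.CimSystemProperties.ClassName
    $f = $filters | Where-Object { $_.Name -eq $b.Filter.Name } | Select-Object -First 1
    $c = $consumers | Where-Object {
        $_.Name -eq $b.Consumer.Name -and
        $_.CimSystemProperties.ClassName -eq $type
    } | Select-Object -First 1

    [pscustomobject]@{
        Filter         = $b.Filter.Name
        Query          = $f.Query
        EventNamespace = $f.EventNamespace
        ConsumerType   = $type
        Consumer       = $b.Consumer.Name
        # CommandLineEventConsumer and ActiveScriptEventConsumer carry these;
        # other consumer types leave them empty.
        Command        = $c.CommandLineTemplate
        ScriptText     = $c.ScriptText
        ScriptFile     = $c.ScriptFileName
    }
}

# Filters or consumers with no binding: pieces left behind when only one
# part of a subscription was removed.
$boundFilters    = $bindings | ForEach-Object { $_.Filter.Name }
$boundConsumers  = $bindings | ForEach-Object { $_.Consumer.Name }
$orphanFilters   = $filters   | Where-Object { $_.Name -notin $boundFilters }
$orphanConsumers = $consumers | Where-Object { $_.Name -notin $boundConsumers }

$report | Format-List
$orphanFilters | Select-Object Name, Query | Format-List
$orphanConsumers |
    Select-Object Name, @{ n = 'Type'; e = { $_.CimSystemProperties.ClassName } } |
    Format-List
```

Comparing this output before and after cleanup shows whether the subscription itself is gone or only the file the antivirus flagged.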