Rumble in the jungle: APT41’s new target in Africa

Table of Contents: Introduction; Incident investigation and toolkit analysis; Detection; Privilege escalation and lateral movement; C2 communication; Cobalt Strike Agent; Obtaining a command shell: reverse shell via an HTA file; Data collection; Pillager; Checkout; RawCopy; Mimikatz; Retrospective threat hunting; Takeaways and lessons learned; Appendix; Rules; Yara; Sigma; IOCs; Files; Domains and IPs; MITRE ATT&CK

Denis Kulik, Daniil Pogorelov

Introduction

Some time ago, Kaspersky MDR analysts detected a targeted att...
