new: Lazarus APT DLL Sideloading Activity
new: File Download From IP Based URL Via CertOC.EXE
new: File Download From IP URL Via Curl.EXE
update: Remote Thread Creation By Uncommon Source Image
update: Remote Thread Creation In Uncommon Target Image
update: ADSI-Cache File Creation By Uncommon Tool
update: Files With System Process Name In Unsuspected Locations
update: PowerShell Module File Created By Non-PowerShell Process
update: PSScriptPolicyTest Creation By Uncommon Process
update: Suspicious LNK Double Extension File Created
update: PowerShell Profile Modification
update: Alternate PowerShell Hosts Pipe
update: File Download via CertOC.EXE
update: Suspicious File Download From IP Via Curl.EXE
update: Arbitrary File Download Via GfxDownloadWrapper.EXE
update: Potentially Suspicious Office Document Executed From Trusted Location
---------
Co-authored-by: phantinuss <79651203+phantinuss@users.noreply.github.com>
Nasreddine Bencherchali