#cortexxdr — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cortexxdr, aggregated by home.social.
-
nice
"Identifying the algorithm, key, and IV was relatively straightforward with assistance from an LLM."
A hardcoded string is present in the binary, but only a portion of it is used as the key (maybe this is supposed to be an obfuscation technique):
👇
https://labs.infoguard.ch/posts/decrypting-and-abusing_paloalto-cortex-xdr_behavioral-rules_biocs/
-
Well, nice demo and nice find!
Infoguard's 🫕 red team dissected the communication system used for remote control of Palo Alto's Cortex EDR, in order to hijack it Living-off-the-Land style
👇
https://labs.infoguard.ch/posts/abusing_cortex_xdr_live_response_as_c2/
The only hurdle is that Cortex has default rules to block and detect when its own processes are started by a non-standard parent process.
Bypasses for these rules will not be published in this post. 😈 😢
-
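The detection the post above describes, an EDR flagging its own binaries when they are spawned by an unexpected parent, as an added example that is not part of the original post, of the Infoguard write-up or of Cortex XDR itself: the process names, the parent allowlist and the process-creation events are all constructed for illustration, and the real Cortex rules and binaries are not reproduced.

```python
import ntpath
from dataclasses import dataclass

# Constructed allowlist (hypothetical names, not Cortex XDR's real binaries):
# for each protected image, the parents that are expected to start it.
EXPECTED_PARENTS = {
    "edr_service.exe": {"services.exe"},
    "edr_console.exe": {"edr_service.exe", "explorer.exe"},
    "edr_responder.exe": {"edr_service.exe"},
}


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation event, as an EDR or Sysmon-style sensor records it."""
    pid: int
    image: str          # full path of the new process
    parent_image: str   # full path of its parent
    cmdline: str


def _name(path: str) -> str:
    # Compare on the lower-cased basename so C:\Windows\System32\services.exe
    # and services.exe match; the allowlist is keyed by basename.
    return ntpath.basename(path).lower()


def is_suspicious_parent(ev: ProcEvent) -> bool:
    """True when a protected image was started by a parent outside its allowlist."""
    allowed = EXPECTED_PARENTS.get(_name(ev.image))
    if allowed is None:
        return False          # not one of the protected binaries, nothing to check
    return _name(ev.parent_image) not in allowed


def detect(events):
    """Return the events that would trigger the parent-process rule."""
    return [ev for ev in events if is_suspicious_parent(ev)]


def describe(ev: ProcEvent) -> str:
    """Human-readable alert line for one hit."""
    return (f"pid {ev.pid}: {_name(ev.image)} started by {_name(ev.parent_image)} "
            f"(expected {sorted(EXPECTED_PARENTS[_name(ev.image)])}): {ev.cmdline}")


# Constructed sample events: two normal startups, one tray launch, one unrelated
# process, and two cases of the agent's binaries being launched from a shell.
SAMPLE_EVENTS = [
    ProcEvent(100, r"C:\Program Files\EDR\edr_service.exe",
              r"C:\Windows\System32\services.exe", "edr_service.exe"),
    ProcEvent(101, r"C:\Program Files\EDR\edr_responder.exe",
              r"C:\Program Files\EDR\edr_service.exe", "edr_responder.exe --session 7"),
    ProcEvent(102, r"C:\Program Files\EDR\edr_console.exe",
              r"C:\Windows\explorer.exe", "edr_console.exe"),
    ProcEvent(103, r"C:\Windows\System32\notepad.exe",
              r"C:\Windows\explorer.exe", "notepad.exe"),
    ProcEvent(104, r"C:\Program Files\EDR\edr_responder.exe",
              r"C:\Windows\System32\cmd.exe", "edr_responder.exe --script x.ps1"),
    ProcEvent(105, r"C:\Program Files\EDR\edr_service.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "edr_service.exe -debug"),
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(describe(hit))
```

Running the block prints the two shell-launched events (pids 104 and 105); the service started by services.exe, the responder started by the service and the console started by explorer.exe pass. The rule is an allowlist of expected parents rather than a blocklist of shells, which is what makes it hard to sidestep by picking a different launcher. Matching on basename alone is a known weakness of this toy: a real rule would also check the parent's path and signer, since anything can be named services.exe in a user-writable directory.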
Unit42: CL0P Seeds ^_- Gotta Catch Em All! https://unit42.paloaltonetworks.com/cl0p-group-distributes-ransomware-data-with-torrents/ #CortexXpanse #CortexXSIAM #Ransomware #torrenting #CortexXDR #MOVEit #Linux #CL0P #Clop
-
Unit42: Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government https://unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia/ #BehavioralThreatProtection #AdvancedURLFiltering #ChinaChopper #threatactors #CL-STA-0046 #CortexXSIAM #DNSsecurity #Government #CortexXDR #Gelsemium #webshells #backdoor #WildFire #APT
-
Unit42: Cyberespionage Attacks Against Southeast Asian Government Linked to Stately Taurus, Aka Mustang Panda https://unit42.paloaltonetworks.com/stately-taurus-attacks-se-asian-government/ #ThreatProtection #BRONZEPRESIDENT #StatelyTaurus #MustangPanda #threatactors #CL-STA-0044 #CortexXSIAM #Government #EarthPreta #CortexXDR #webshells #backdoor #RedDelta #WildFire #TA416
-
Unit42: Unit 42 Researchers Discover Multiple Espionage Operations Targeting Southeast Asian Government https://unit42.paloaltonetworks.com/analysis-of-three-attack-clusters-in-se-asia/ #BehavioralThreatProtection #ThreatProtection #StatelyTaurus #ChinaChopper #CobaltStrike #MustangPanda #threatactors #AlloyTaurus #CL-STA-0044 #CL-STA-0045 #CL-STA-0046 #CortexXSIAM #DNSsecurity #Government #CortexXDR #Gelsemium #webshells #WildFire #GALLIUM #APTs
-
Unit42: Threat Group Assessment: Turla (aka Pensive Ursa) https://unit42.paloaltonetworks.com/turla-pensive-ursa-threat-assessment/ #Cloud-DeliveredSecurityServices #ThreatBriefsandAssessments #advancedpersistentthreat #ThreatAdvisory/Analysis #AdvancedURLFiltering #AdvancedWildFire #DNSsecurity #QUIETCANARY #HyperStack #CortexXDR #TinyTurla #Uroburos #Capibar #Carbon #ComRAT #Crutch #Tunnus #Snake #APT