This article discusses a case that started with an email from a brand-new MTR customer.
The customer had just heard that a third-party vendor they work with had been hit by ransomware and was worried they might also be affected.
Download this case for a deeper analysis of these findings:
- The script was a downloader that would have downloaded a malicious payload hosted at a URL;
- A search across network traffic data reveals the URL was never connected to;
- The downloader script was attempting to create a scheduled task.