OTRF / detection-hackathon-apt29

Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets
GNU General Public License v3.0

19.A) File Deletion, Process Injection #44

Open Cyb3rWard0g opened 4 years ago

Cyb3rWard0g commented 4 years ago

Description

The attacker deletes various files (T1107) associated with that access by reflectively loading and executing the Sdelete binary (T1055) within powershell.exe.
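As an added example (not part of this issue or the hackathon's own detection content), the Python below sketches one way to surface this step from PowerShell script-block logs (Event ID 4104) and Sysmon FileDelete events (Event ID 23): flag a script block that pairs an in-memory PE loader with a reference to SDelete, then correlate it with file deletions performed by powershell.exe on the same host shortly afterwards. The sample events, hostnames, timestamps, file paths and the loader names in the regex are constructed assumptions, not values from the Mordor dataset.

```python
import re

# Constructed sample events (not from the Mordor APT29 dataset): one PowerShell
# script-block log (4104) and two Sysmon FileDelete events (23). "ts" is epoch seconds.
SAMPLE_EVENTS = [
    {"ts": 1000, "host": "WS01", "EventID": 4104,
     "ScriptBlockText": "$b = [IO.File]::ReadAllBytes('C:\\Temp\\sdelete64.exe'); "
                        "Invoke-ReflectivePEInjection -PEBytes $b -ExeArgs '-q C:\\Temp\\notes.txt'"},
    {"ts": 1012, "host": "WS01", "EventID": 23,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "TargetFilename": "C:\\Temp\\notes.txt"},
    {"ts": 1500, "host": "WS02", "EventID": 23,
     "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Users\\a\\old.docx"},
]

# In-memory PE loading from PowerShell. Assumption: the loader is the well-known
# Invoke-ReflectivePEInjection or a .NET Assembly::Load call; extend for other loaders.
REFLECTIVE_LOAD = re.compile(
    r"Invoke-ReflectivePEInjection|\[(System\.)?Reflection\.Assembly\]::Load", re.IGNORECASE)
SDELETE = re.compile(r"sdelete", re.IGNORECASE)


def flag_scriptblock(ev):
    """4104: a reflective loader and an SDelete reference in the same script block."""
    text = ev.get("ScriptBlockText", "")
    return ev.get("EventID") == 4104 and bool(REFLECTIVE_LOAD.search(text) and SDELETE.search(text))


def flag_filedelete(ev):
    """23: a file deleted by a PowerShell host process (the process hosting the injected SDelete)."""
    image = ev.get("Image", "").lower()
    return ev.get("EventID") == 23 and image.endswith(("\\powershell.exe", "\\pwsh.exe"))


def correlate(events, window=300):
    """Return (scriptblock, filedelete) pairs: a flagged 4104 block followed within
    `window` seconds by a powershell.exe file deletion on the same host."""
    blocks = [e for e in events if flag_scriptblock(e)]
    hits = []
    for d in (e for e in events if flag_filedelete(e)):
        for b in blocks:
            if b["host"] == d["host"] and 0 <= d["ts"] - b["ts"] <= window:
                hits.append((b, d))
    return hits


if __name__ == "__main__":
    for block, deletion in correlate(SAMPLE_EVENTS):
        print(f"{deletion['host']}: {deletion['TargetFilename']} deleted {deletion['ts'] - block['ts']}s "
              f"after a reflective SDelete load in PowerShell")
```

A deletion by powershell.exe alone is noisy; the value is in the pairing with the script-block indicator, so tune `window` to the host's log timing before relying on it.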