Happy Tuesday everyone!

Here is another great resource from the JPCERT/CC! For those of you out there who aren’t familiar with the Japan Computer Emergency Response Team Coordination Center, they published a report that got me into threat hunting, and that was the “Tool Analysis Result Sheet”, which changed the game for me.

The article today covers different #Windows Event Logs that you can use to identify human-operated ransomware. Using only the Application, Security, System, and Setup logs, the researchers dug through Conti, Phobos, Midas, BadRabbit, and more ransomware strains to see what evidence they left behind! Enjoy and Happy Hunting!

Event Log Talks a Lot: Identifying Human-operated Ransomware through Windows Event Logs
https://blogs.jpcert.or.jp/en/2024/09/windows.html

Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday Cyborg Security, Now Part of Intel 471