Blob.boy.rar

Found references to [PowerShell commands, API hooking, or credential harvesting].

MITRE ATT&CK Mapping:
T1059: Command and Scripting Interpreter.
T1055: Process Injection.
T1112: Modify Registry.

5. Remediation & Recommendations

Connection attempts observed to [C2 Server IP/Domain] via port [Port Number].

Add the hash of Boy.exe and the C2 domain to your organization's EDR/Firewall.