Binary Defense MDR Agent / Server Update

MDR Agent Version 4.8.1

MDR Server Version 2.137.0

Binary Defense has released a new version of MDR. Highlights include important new Windows detections, an updated version of Sysmon, and a variety of routine fixes.

All servers have been updated to the latest release. This agent release includes a new version of Sysmon to remediate a vulnerability, and enhanced detection capabilities.

MDR Agent software will update over the next few weeks for all clients except those who have previously opted out of updates. If you are currently receiving updates and would like to opt out of this one, please send your request to [email protected]

Effective January 1, 2022, all versions prior to MDR Agent Version 4.6.10 will not be supported, and effective February 1, 2022, will cease reporting events. Going forward we will support the two most recent versions or versions that are a year old—whichever is longer.

Alarms

Two alarms have been added to enhance detection capabilities and reduce false positives. The first alarm detects Cobalt Beacons as they are created. Our Threat Hunting team has found distinct characteristics that appear when the remote thread is created, giving us a solid detection with little to no false positives. The second alarm detects probing for Administrator privilege with PowerShell. This alarm is effective for detecting privilege escalation attempts.