In this “Spotlight on Fingerprinting, Tofsee Configs & RansomHub-Linked Loaders” webinar, we walked through:
- Improved VTIs that detect registry queries, domain-membership checks, and stealthy OS fingerprinting carried out through LOLBins such as systeminfo.
- New config extractors for Tofsee and for SocGholish/FakeUpdates, the loader often linked to RansomHub.
- New YARA rules for stealers, loaders, and RATs seen in recent campaigns, including SalatStealer, ModiLoader, and DarkVision RAT.
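The first item describes a behavioural pattern rather than a signature: a single `systeminfo` is routine admin activity, but one parent process spawning OS, registry, identity and domain lookups in quick succession looks like pre-execution reconnaissance. The following script is an added example of that idea written for this page; it is not the vendor's VTI logic and not code from the webinar. The regex patterns, the category names, the threshold of three categories, and the process-creation events are all this example's own assumptions, and the events are constructed, not real telemetry.

```python
import re
from collections import defaultdict

# Constructed process-creation events as (pid, ppid, command line).
# Parent 100 is a dropper that profiles the host; parent 200 is explorer
# with a single, benign systeminfo call.
SAMPLE_EVENTS = [
    (100, 1,   r"C:\Users\alice\AppData\Local\Temp\setup.exe"),
    (101, 100, r"cmd.exe /c systeminfo"),
    (102, 100, r"reg query HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid"),
    (103, 100, r"whoami /all"),
    (104, 100, r'net group "Domain Computers" /domain'),
    (200, 1,   r"C:\Windows\explorer.exe"),
    (201, 200, r"cmd.exe /c systeminfo"),
]

# Fingerprinting categories and the LOLBin invocations that fall into each.
# These patterns are the example's own assumptions, not a vendor rule set.
PATTERNS = {
    "os_info": re.compile(
        r"\bsysteminfo(?:\.exe)?\b"
        r"|\bwmic(?:\.exe)?\b.*\b(?:os|computersystem|bios)\b"
        r"|Win32_(?:OperatingSystem|ComputerSystem)|Get-ComputerInfo", re.I),
    "registry": re.compile(
        r"\breg(?:\.exe)?\s+query\b|Get-ItemProperty\s+(?:-Path\s+)?[\"']?HK", re.I),
    "domain": re.compile(
        r"\bnltest(?:\.exe)?\b|\bnet(?:\.exe)?\s+(?:group|user)\b.*/domain\b"
        r"|\bdsquery\b|\bsysteminfo\b.*\bfindstr\b.*\bdomain\b", re.I),
    "user": re.compile(r"\bwhoami(?:\.exe)?\b|\bquser\b|\bqwinsta\b", re.I),
}


def classify(cmdline):
    """Return the set of fingerprinting categories a command line matches.

    A single command can hit several categories, e.g.
    'systeminfo | findstr Domain' is both an OS query and a domain check.
    """
    return {name for name, rx in PATTERNS.items() if rx.search(cmdline)}


def detect(events, threshold=3):
    """Flag parents whose children cover at least `threshold` categories.

    Grouping by parent PID is what turns individually harmless LOLBin
    calls into a reconnaissance detection: the combination, not any one
    command, is the indicator. Returns {ppid: sorted category names}.
    """
    per_parent = defaultdict(set)
    for _pid, ppid, cmdline in events:
        per_parent[ppid] |= classify(cmdline)
    return {ppid: sorted(cats)
            for ppid, cats in per_parent.items() if len(cats) >= threshold}


if __name__ == "__main__":
    for ppid, cats in detect(SAMPLE_EVENTS).items():
        print(f"parent pid {ppid}: host fingerprinting via {', '.join(cats)}")
```

Run against the constructed events, only parent 100 is flagged; explorer's lone `systeminfo` stays below the threshold. In a sandbox or EDR pipeline the same grouping would key on the process tree rather than a flat parent PID, and a time window would keep slow, spread-out checks from escaping the count.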