Kavremover Dropped Binary LOLBIN Usage (d047726b-c71c-4048-a99b-2e2f50dc107d)
Detects the execution of a signed binary dropped by Kaspersky Lab Products Remover (kavremover), which can be abused as a LOLBIN to execute arbitrary commands and binaries.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Kavremover Dropped Binary LOLBIN Usage (d047726b-c71c-4048-a99b-2e2f50dc107d) | Sigma-Rules | Trusted Developer Utilities Proxy Execution - T1127 (ff25900d-76d5-449b-a351-8824e62fc81b) | Attack Pattern | 1 |