This presentation will dive into the deployment of Self-Drive by the financially motivated threat group UNC6448. Drawing from our own observations and Mandiant's analysis, we will walk through the attack life cycle and the malware's capabilities, and show how an Incident Response team can hunt for, respond to, and build detections for this activity. Key takeaways include the importance of monitoring for social engineering, watching for drive-by compromises, and maintaining robust detection rules.