Microsoft Edge Deployment Guide Plan Before Your First Broad Deployment of Microsoft Edge, Consider These Key Steps


Plan

Before your first broad deployment of Microsoft Edge, consider these key steps:

Step 1: Evaluate your existing browser environment and browser needs
Take time to understand your current browser state and any necessary prerequisites. Set goals to ensure all project stakeholders are aligned and working toward the same deployment result.

Step 2: Determine your deployment methodology
After you know your desired end state, you're ready to choose how to deploy Microsoft Edge to end users: by role or by site.

Step 3: Perform site discovery for Enterprise Site List
Additional site discovery is needed if you depend on legacy web applications and plan to use Internet Explorer mode (which most customers do). To learn more, see page 6.

Step 4: Select your channel strategy
Consider a deployment strategy that includes multiple devices and channels; this gives your business broad, stable functionality while preserving the ability to test new features in preview builds.

Step 5: Define and configure policies
After you've created your Enterprise Site List for legacy web apps, start identifying and configuring the policies you intend to deploy. This ensures that these policies are applied when testing begins.

Step 6: Run app compatibility testing
Many organizations must run app compatibility testing to validate applications for compliance or risk management reasons.
• Lab testing. Applications are validated in a tightly controlled environment with specific configurations.
• Pilot testing. Applications are validated by a limited number of users in their daily work environment using their own devices.

Step 7: Deploy Microsoft Edge to a pilot group
With your policies defined and your initial app compatibility tested, you're now ready to deploy to your pilot group.

Step 8: Validate your deployment
After your pilot is deployed, you will want to capture all the feedback on compatibility, policy configuration, ease of use, and new features.

Step 9: Develop a change management plan and broadly deploy Microsoft Edge
Once your deployment plan is updated with lessons learned from the pilot, you're ready to do a full deployment of Microsoft Edge to all your users. Consider a change management plan for your users to get the most out of Microsoft Edge.

Step 10: Ongoing management
Because Microsoft Edge experiences regular updates over time, you will want to evaluate these steps periodically to account for any changes to your environment. To help with this, we recommend running the Microsoft Edge Beta with a representative subset of users to test builds prior to broad deployment.

For more detailed information, visit here.

Channels overview

Microsoft Edge channels are available on all supported versions of Windows, Windows Server, and macOS. The mobile version is available on iOS and Android devices.

Stable
A production-ready release, ideal for broad deployment to most devices with full enterprise support. This is the most stable version of the browser, with general availability for broad deployment enterprise-wide. Major updates are released every six weeks and include all learnings from the preview builds.

Preview Channels
Have the opportunity to test new builds and features, and provide feedback directly to Microsoft.

Beta
The most stable preview experience and offers full enterprise support. Each release incorporates learnings and improvements from the Dev (weekly) and Canary (daily) builds, with major updates every six weeks. We recommend running this channel with a representative subset of users to test builds within your environment before they move to our production-ready Stable channel.

Dev
The Dev builds are the best representation of weekly improvements, while allowing for early evaluations of new features. We recommend using the Dev channel for learning and/or planning. These builds are tested by the Microsoft Edge team, and are generally more stable than those from Canary.

Download your preferred channel here.

Microsoft Mechanics video series

Learn how to deploy Microsoft Edge, set up Internet Explorer mode and configure with policies, and how to set up Microsoft Search with the Microsoft Edge playlist.

Deploy
Get a hands-on tour of how to deploy Microsoft Edge to your devices. Learn about Edge package options for automated installation, how to deploy Edge to Windows PCs using MECM (Microsoft Endpoint Configuration Manager), and steps to ensure all managed devices, including your phones and Macs, are provisioned with Edge.

Security & Compatibility
Take a hands-on tour to experience the security, compatibility, and manageability of the new Microsoft Edge. Edge is based on Chromium and designed to be the best browser for business. Our host, Jeremy Chapman, shows you what sets it apart from other browsers.

Microsoft Search
Get a hands-on tour of Microsoft Search, a tailored experience to search for information in your organization. You can easily find people, files, org charts, sites, and answers to common questions. See how it works, how to set it up quickly, and the advanced capabilities to help your users find the information they need to get work done.

Check out the playlist at https://aka.ms/EdgeforIT.

Deploy and update

After completing the steps for your deployment plan, there are multiple options for deploying and updating Microsoft Edge on both Windows and macOS.

Windows: Deploying via Configuration Manager
Step 1: Create a deployment in the console with a new node called Microsoft Edge Management. Here you can create a new application; specify a name, description, and location for the content of the app; select a channel and a version to deploy; and complete and test the success of the deployment.
Step 2: Once deployed, updates to the browser will show up in Configuration Manager as they become available.
Step 3: Find detailed steps for deployment here.

Windows: Deploying via Microsoft Intune
Step 1: Ensure you have Windows 10 RS2 or above installed.
Step 2: Configure the app in Microsoft Intune.
Step 3: Configure app information and app settings, and select scope tags (optional).
Step 4: Add the app and conduct troubleshooting.
Step 5: Find detailed steps for deployment here.

macOS: Deploying via Jamf
Step 1: Create a new package in Jamf and assign details, configure policies, select distribution points and actions to take for each policy, and review and complete the deployment.
Step 2: Find detailed steps for deployment here.

macOS: Deploying via Microsoft Intune
Step 1: Add and configure app information and app settings, and select scope tags (optional) in Microsoft Intune.
Step 2: Find detailed steps for deployment here.

If unable to access hyperlinks, please visit https://docs.microsoft.com/deployedge for more information.

Internet Explorer mode

Learn how to set up Internet Explorer (IE) mode for your organization by adding sites to the Enterprise Mode Site List.

What is IE mode?
IE mode on Microsoft Edge makes it easy to use all of the sites your organization needs in a single browser. IE mode uses the integrated Chromium engine for modern sites, and it uses the Trident MSHTML engine from Internet Explorer 11 (IE11) for legacy sites.
When a site loads in IE mode, the IE logo indicator displays on the left side of the navigation bar. You can click the IE logo to display additional information.

Supported functionality
IE mode supports the following Internet Explorer functionality: all document modes and enterprise modes, ActiveX controls (such as Java or Silverlight), Browser Helper Objects, Internet Explorer settings and Group Policies that affect the security zone settings and Protected Mode, the F12 developer tools for IE (when launched with IEChooser), and Microsoft Edge extensions (extensions that interact with IE page content directly are not supported).
IE mode doesn't support the following Internet Explorer functionality: Internet Explorer toolbars, Internet Explorer settings and Group Policies that affect the navigation menu (for example, search engines and home pages), and IE11 or Microsoft Edge F12 developer tools.

Deploy
Only those sites that you specifically configure (via policy) will use IE mode; all others will be rendered as modern web sites. To have sites open in IE mode, see the options below:

Option 1 (Preferred)
List the site in the Enterprise Mode Site List XML defined in one of these policies:
• Microsoft Edge 78 or later, "Configure the Enterprise Mode Site List"
• Internet Explorer, "Use the Enterprise Mode IE website list"

Option 2
If you're already using the "Send all intranet sites to Internet Explorer" group policy, those sites will open in IE mode.
• Microsoft Edge 77 or later

IE mode is not supported on macOS.
For a demonstration on how to configure IE mode, see the Microsoft Mechanics 'Configure' video on page 4.
View IE mode OS/version prerequisites and learn more about IE mode here.

Configure

Microsoft Edge can be configured on both Windows and macOS.

Windows: Default Configuration
Step 1: Download and install the Microsoft Edge administrative template.
Step 2: Add the template to Azure Active Directory and to individual computers.
Step 3: Set mandatory and recommended policies with the Group Policy Editor for both Active Directory and individual computers.
Step 4: Find detailed steps for configuration here.

Windows: Configure with Microsoft Intune
Step 1: Create a profile to manage settings using Administrative Templates.
Step 2: Find detailed steps for configuration here.

Windows: Configure with Mobile Device Management
You can configure Microsoft Edge on Windows 10 using MDM with your preferred Enterprise Mobility Management (EMM) or MDM provider that supports ADMX Ingestion.
Step 1: Ingest the Microsoft Edge ADMX file into your EMM or MDM provider. See your provider for instructions on how to ingest an ADMX file.
Step 2: Create an OMA-URI for Microsoft Edge policies.
Step 3: Find detailed steps for configuration here.

macOS: Default Configuration
Step 1: Create a property list (.plist).
Step 2: Create a configuration file.
Step 3: Deploy your .plist using your preferred MDM provider.
Step 4: Find detailed steps for configuration here.
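
The Enterprise Mode Site List named in Option 1 of the Internet Explorer mode section decides which sites are handed to the Trident MSHTML engine, so it is worth reviewing before the policy is deployed. The Python script below is an added example, not part of the Microsoft guide: it reads a list in the v.2 schema and reports the entries that open in IE mode, with review flags that are this example's own heuristics. The sample hosts and the INTERNAL_SUFFIXES value are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Enterprise Mode Site List v.2 schema; all hosts are made up.
SAMPLE_SITE_LIST = """\
<site-list version="7">
  <site url="hr.corp.example/legacy-portal">
    <compat-mode>IE11</compat-mode>
    <open-in>IE11</open-in>
  </site>
  <site url="intranet.corp.example">
    <compat-mode>Default</compat-mode>
    <open-in allow-redirect="true">IE11</open-in>
  </site>
  <site url="partner-billing.example.net/app">
    <compat-mode>IE8Enterprise</compat-mode>
    <open-in>IE11</open-in>
  </site>
  <site url="wiki.corp.example">
    <compat-mode>Default</compat-mode>
    <open-in>MSEdge</open-in>
  </site>
</site-list>
"""

# Assumption: DNS suffixes this organization treats as internal.
INTERNAL_SUFFIXES = (".corp.example",)


def is_internal(host, suffixes):
    """True if host equals or sits under one of the internal suffixes."""
    return any(host == s.lstrip(".") or host.endswith(s) for s in suffixes)


def audit_site_list(xml_text, internal_suffixes=INTERNAL_SUFFIXES):
    """Return one record per <site> that opens in IE mode, with review flags.

    The list is administrator-authored input; do not feed untrusted XML to
    ElementTree without additional hardening.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "site-list":
        raise ValueError("not an Enterprise Mode Site List (v.2) document")

    results = []
    for site in root.iter("site"):
        url = (site.get("url") or "").strip().lower()
        open_in = site.find("open-in")
        target = (open_in.text or "").strip() if open_in is not None else ""
        if target != "IE11":
            continue  # rendered by the modern engine, not an IE mode entry

        # Site list URLs carry no scheme: "host[:port][/path]".
        host, _, path = url.partition("/")
        host = host.split(":")[0]

        flags = []
        if not path:
            # Every page on the host goes to the legacy engine.
            flags.append("whole-host")
        if open_in.get("allow-redirect", "false").lower() == "true":
            # Redirect targets of this site also stay in IE mode.
            flags.append("allow-redirect")
        if not is_internal(host, internal_suffixes):
            flags.append("external-host")

        compat = (site.findtext("compat-mode") or "").strip()
        results.append({"url": url, "compat_mode": compat, "flags": flags})
    return results


if __name__ == "__main__":
    for entry in audit_site_list(SAMPLE_SITE_LIST):
        flags = ", ".join(entry["flags"]) or "-"
        print(f'{entry["url"]:36} {entry["compat_mode"]:14} {flags}')
```

Entries with no flags are narrowly scoped internal paths; flagged entries are candidates for tightening to a specific path or for confirming that the site still needs the legacy engine.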