Tag
This brief describes the detection of Windows system binaries executing from uncommon locations, a defense evasion and stealth technique employed by various threat actors including Lazarus Group and Sidewinder APT, indicating potential malicious activity on an endpoint.