Side-load Pneuma using Windows Defender

/static/assets/windows-logo.svg
Run the vulnerable MsMpEng.exe executable with a Pneuma DLL in the same folder to perform a DLL side-load of Pneuma.
locked
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.

Login

Test this TTP

Download Operator (1.7.0)
Test this TTP using one of our Operator chains
Kaseya VSA Attack

2021-08-16

/static/assets/windows-logo.svg
Side-load an agent using components of the REvil ransomware attack kill chain.