|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-05-08 | |
| Rule Name: | Tool Magic Unicorn Detection | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Magic Unicorn is a tool that converts shellcode into powershell commands, supports original powershell, hta, macro and other execution methods, and supports AMSI bypass.This rule is used to detect the powershell command generated by Magic Unicorn. | |
| Impact: | Attackers use attack tools to attack targets, which can lead to data leakage, service interruption, system crash, data tampering, and illegal access. | |
| Affected OS: | Windows | |
| Reference: | ||
| Solutions |
|---|
| 1. Scan the server file system to ensure that there are no hacker tools and related malicious files. 2. Complete system backup to ensure server data security. 3. Harden the security of the server, restrict access permissions, install firewalls, and use secure access control lists. |