Skip to content
Search
Get A Demo
Try For Free
    Get A Demo
    Try For Free
      August 27, 2024

      Security Detection Update - 2024-8-27

      Welcome to our weekly security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work. Creating, testing, and writing detections for you! This week, we've made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, monthly, we also release an overview of the entirety of what was changed in the product. However in these updates we'll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you're lucky.

      Introduction and Overview

      This week we spent working on beta testing some new threat feeds, and also detecting ransomware based on powershell module commands.

      New Detections

      This update introduces:

      Generic Locker PowerShell Module

      The script was reported by The DFIR Report as being a multi-purpose tool to conduct various tasks including discovery, defense evasion, exfiltration, lateral movement, and execute ransomware using a custom PowerShell module. The ransomware variants observed in the script included Dagon Locker, Quantum, Revil, and Xing. An example of the malicious PowerShell locker module used by this script is provided below, the number and type of flags passed to the module may vary but at a minimum the module will require the name, path, and type of ransomware locker to be defined:

      invokemodule -module locker -locker malicious.dll -lockerpath programdata\microsoft -lockertype dll -lockername sysfunc -lockerdeployonly $true -lockerentrypoint run -handlesystems custom

      Tag(s): Product Updates , Security Alerts , Blog , Product Release Notes , Detection Update

      Amanda Berlin

      Amanda Berlin is the Senior Product Manager of Cybersecurity at Blumira, bringing nearly two decades of experience to her position. At Blumira she leads a team of incident detection engineers who are responsible for creating new detections based on threat intelligence and research for the Blumira platform. An...

      More from the blog

      View All Posts
      Product Updates
      11 min read | August 5, 2025

      July 2025 Product Releases

      Read More
      New Blumira Pre-built Compliance Reports
      Compliance Security Frameworks and Insurance
      7 min read | July 17, 2025

      Blumira's Compliance Reports: Making Audit Assessments a Breeze

      Read More
      Blumira API
      Product Updates
      5 min read | July 15, 2025

      Streamline Your SecOps with the New Blumira API

      Read More