The basic activity diagram of security logging is as follows. Note that there are many steps involved in this process. It all starts with, "Do we even really want to log and monitor this activity?" In a hypothetical world, a security professional's dream answer would be, "Yes, and every single action that may represent a security-relevant event should indeed be logged."
In September 2021, I came across a (then) recent sample of Zloader. After finishing most of the static analysis steps, I noticed that there was already existing research on this by SentinelOne, but I thought carrying on with the analysis would be good practice and a good use of my time.
Understand modern ransomware attacks and build an incident response strategy to work through them - by Oleg Skulkin