Ss-bet-001_s.7z Instant

Restrict the use of administrator accounts and audit any use of built-in Windows tools for non-administrative tasks.

To protect against activity involving this artifact, organizations are encouraged to: SS-Bet-001_s.7z

The actor uses the 7z.exe utility to compress and password-protect stolen data before exfiltrating it from the victim's network. Restrict the use of administrator accounts and audit