eSentire | Bored BeaverTail & InvisibleFerret Yacht Club

<!doctype html> <html lang="en-US"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="robots" content="noodp,noydir">  <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-57Z6ZWR'); </script>  <script> (function () { var zi = document.createElement('script'); zi.type = 'text/javascript'; zi.async = true; zi.src = 'https://ws.zoominfo.com/pixel/3k8XsFBkOniCq5dTRwpV'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(zi, s); })(); </script> <link rel="stylesheet" href="/style.css?v=4.11.57"> <link rel="stylesheet" href="https://unpkg.com/aos@2.3.1/dist/aos.css"> <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.css"/> <link rel="shortcut icon" href="https://esentire-dot-com-assets.s3.ca-central-1.amazonaws.com/assetsV4/External/blue_favicon_48x48.ico?v=2024"> <link rel="stylesheet" href="https://use.typekit.net/evh1ctd.css"> <link rel="stylesheet" href="https://use.typekit.net/amm2djb.css">  <script referrerPolicy="no-referrer-when-downgrade" src="https://dev.visualwebsiteoptimizer.com/lib/780243.js" id="vwoCode"></script>  <title>eSentire | Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus…</title><meta name="generator" content="SEOmatic"> <meta name="description" content="Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate,…"> <meta name="referrer" content="no-referrer-when-downgrade"> <meta name="robots" content="all"> <meta content="https://www.facebook.com/eSentireMDR/" property="fb:profile_id"> <meta content="en_US" property="og:locale"> <meta content="eSentire" property="og:site_name"> <meta content="website" property="og:type"> <meta content="https://www.esentire.com/blog/bored-beavertail-invisibleferret-yacht-club-a-lazarus-lure-pt-2" property="og:url"> <meta content="Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2" property="og:title"> <meta content="Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate,…" property="og:description"> <meta content="https://esentire-dot-com-assets.s3.amazonaws.com/assetsV4/External/SEO/tru_meta_BoredBeaverTail.jpg" property="og:image"> <meta content="eSentire - The Authority in Managed Detection and Response" property="og:image:alt"> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@eSentire"> <meta name="twitter:creator" content="@eSentire"> <meta name="twitter:title" content="Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2"> <meta name="twitter:description" content="Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate,…"> <meta name="twitter:image" content="https://esentire-dot-com-assets.s3.amazonaws.com/assetsV4/External/SEO/tru_meta_BoredBeaverTail.jpg"> <meta name="twitter:image:alt" content="eSentire - The Authority in Managed Detection and Response"> <link href="https://www.esentire.com/blog/bored-beavertail-invisibleferret-yacht-club-a-lazarus-lure-pt-2" rel="canonical"> <link href="https://www.esentire.com" rel="home"></head> <body class="no-sidebar blog">  <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-57Z6ZWR" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>   <script type="text/javascript"> function readCookie(c_name) { var c_value = document.cookie; var c_start = c_value.indexOf(" " + c_name + "="); if (c_start == -1) { c_start = c_value.indexOf(c_name + "="); } if (c_start == -1) { c_value = null; } else { c_start = c_value.indexOf("=", c_start) + 1; var c_end = c_value.indexOf(";", c_start); if (c_end == -1) { c_end = c_value.length; } c_value = unescape(c_value.substring(c_start, c_end)); } return c_value; } function setCookie(a, d, b) { var c = new Date; c.setTime(c.getTime() + 864E5 * b); b = "; expires=" + c.toGMTString(); document.cookie = a + "=" + d + b } function getParam(a) { return (a = RegExp("[?&]" + a + "=([^&]*)").exec(window.location.search)) && decodeURIComponent(a[1].replace(/\+/g, " ")) } if (getParam("gclid")) { setCookie("gclid", getParam("gclid"), 270); }; if (getParam("utm_source")) { setCookie("utm_source", getParam("utm_source"), 270); }; if (getParam("utm_medium")) { setCookie("utm_medium", getParam("utm_medium"), 270); }; if (getParam("utm_campaign")) { setCookie("utm_campaign", getParam("utm_campaign"), 270); }; if (getParam("utm_content")) { setCookie("utm_content", getParam("utm_content"), 270); }; if (getParam("kpid")) { setCookie("kpid", getParam("kpid"), 270); }; if (getParam("sfcampaignid")) { setCookie("sfcampaignid", getParam("sfcampaignid"), 270) }; if (getParam("msclid")) { setCookie("msclid", getParam("msclid"), 270) }; if (getParam("li_fat_id")) { setCookie("li_fat_id", getParam("li_fat_id"), 270) }; </script>  <div class="NavBar"> <div class="NavBar__Content"> <div class="NavBar__Left"> <a class="NavBar__Logo" href="https://www.esentire.com"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 230 32" xml:space="preserve"><path d="M55.8 22c0 1.6-.3 3-1 4.2-.6 1.2-1.5 2.3-2.6 3.1-1.1.9-2.4 1.5-3.8 1.9-1.5.4-3 .6-4.6.6-2.4 0-4.5-.3-6.5-.9-1.9-.6-3.7-1.7-5.3-3.3l4.9-4.9c.8.8 1.9 1.4 3.1 1.7 1.2.3 2.5.5 3.8.5 3 0 4.4-.9 4.4-2.8 0-.8-.2-1.4-.6-1.8-.4-.4-1.1-.7-2-.8l-3.7-.5c-2.8-.4-4.8-1.3-6.2-2.8-1.4-1.5-2.1-3.6-2.1-6.3 0-1.4.2-2.7.8-4 .5-1.2 1.3-2.3 2.2-3.1 1-.9 2.2-1.6 3.5-2.1 1.4-.5 3-.7 4.7-.7 2.2 0 4.2.3 5.9.8 1.7.6 3.3 1.6 4.5 2.9l-4.8 4.8c-.4-.5-1-.8-1.6-1.1-.5-.2-1.1-.4-1.6-.5-.5-.1-1-.2-1.5-.2h-1.2c-.6 0-1.2.1-1.7.3-.4.2-.8.4-1.2.7-.3.3-.5.6-.7.9-.1.3-.2.7-.2 1 0 .2.1.5.1.7.1.3.3.5.5.7.2.2.5.4.8.6.4.2.9.3 1.3.4l3.7.5c2.7.4 4.8 1.2 6.1 2.6.8.8 1.4 1.8 1.8 2.9.6 1.4.8 2.7.8 4m7.4 9.6V.3h21v6.9H70.8v5.2h11.5v6.9H70.8v5.5h13.4v6.8h-21zm46.4 0-9.9-15.7v15.7h-7.6V.3h6.6l9.9 15.8V.3h7.6v31.3h-6.6zm28.8-24.5v24.4h-7.6V7.1h-7.6V.2H146v6.9h-7.6zm14.5 24.5V.3h7.6v31.3h-7.6zm31.9 0L179.3 20h-2.6v11.6h-7.6V.3h12.3c1.6 0 3.1.3 4.5.9 1.2.5 2.4 1.3 3.3 2.3.9.9 1.6 2 2 3.2.4 1.2.7 2.5.7 3.7 0 1-.1 2-.4 2.9-.3.8-.7 1.6-1.2 2.3-.5.7-1 1.2-1.6 1.7-.6.5-1.2.9-1.8 1.2l6.7 13.1h-8.8zm-.4-21.2c0-.8-.3-1.6-.9-2.2-.6-.6-1.4-1-2.4-1h-4.3v6.3h4.3c1 0 1.9-.3 2.4-1 .6-.5.9-1.3.9-2.1M200 31.6V.3h21v6.9h-13.4v5.2h11.5v6.9h-11.5v5.5H221v6.9l-21-.1zM22.7 3.9C19.8.2 14.9.2 14.9.2H10S5.1.2 2.2 3.9C.4 6.2 0 8.4 0 9.9V22c0 1.5.4 3.7 2.2 5.9C5 31.6 10 31.6 10 31.6h14.9v-7H11.4s-2 0-3.1-1.5c-.5-.7-.8-1.5-.9-2.4v-1.4h17.3V9.9c.1-1.5-.3-3.7-2-6M7.5 10.6c0-.9.3-1.7.9-2.4 1.2-1.5 3.1-1.5 3.1-1.5h2s2 0 3.1 1.5c.5.7.8 1.5.9 2.4v1.8h-10v-1.8zm218.3 15.7c1.5 0 2.7 1.2 2.7 2.7s-1.2 2.7-2.7 2.7c-1.5 0-2.7-1.2-2.7-2.7 0-1.5 1.2-2.7 2.7-2.7zm0 4.7c1.1 0 2.1-.9 2.1-2.1 0-1.1-.9-2.1-2.1-2.1-1.1 0-2.1.9-2.1 2.1 0 1.2.9 2.1 2.1 2.1zm-1.1-.7v-2.7h1.1c.8 0 1 .5 1 .8 0 .4-.2.7-.6.8l.7 1.1h-.6l-.7-1h-.4v1h-.5zm1-1.5c.4 0 .6-.1.6-.4 0-.3-.2-.4-.5-.4h-.5v.8h.4z" style="fill:#19234d"></path></svg> </a> </div> <div class="NavBar__Right"> <div class="NavBar__MobileGetStarted"> <a href="/get-started">Get Started</a> </div> <div class="NavBar__MainItems"> <div class="NavBar__ButtonSubtleTriggerContainer"> <div class="NavBar__ButtonSubtle NavBar__ButtonSubtleTrigger" data-nav="whatWeDo">What We Do</div> </div> <div class="NavBar__ButtonSubtleTriggerContainer"> <div class="NavBar__ButtonSubtle NavBar__ButtonSubtleTrigger" data-nav="howWeDo">How We Do It</div> </div> <div class="NavBar__ButtonSubtleTriggerContainer"> <div class="NavBar__ButtonSubtle NavBar__ButtonSubtleTrigger" data-nav="resources">Resources</div> </div> <div class="NavBar__ButtonSubtleTriggerContainer"> <div class="NavBar__ButtonSubtle NavBar__ButtonSubtleTrigger" data-nav="company">Company</div> </div> <div class="NavBar__ButtonSubtleTriggerContainer"> <div class="NavBar__ButtonSubtle NavBar__ButtonSubtleTrigger" data-nav="partners">Partners</div> </div> </div> <div class="NavBar__SecondaryItems"> <div class="NavBar__ButtonSubtleTriggerContainer NavBar__ButtonSubtleTriggerContainer--HideMobile"> <div class="NavBar__ButtonSubtle NavBar__ButtonSubtleSearchIcon NavBar__ButtonSubtleTrigger" data-nav="search"> <svg data-name="New Layer" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32" style="width: 26px;"><ellipse cx="12.18" cy="12.42" rx="10.18" ry="10.42" fill="none" stroke="#000" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2.5"></ellipse><path fill="none" stroke="#000" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2.5" d="M20.45 20.23L30 30"></path></svg> </div> </div> <div class="NavBar__ButtonGetStarted"> <div id="NavBar__Button-GetStarted" class="NavBar__ButtonSubtleTrigger NavBar__Button" data-nav="getStarted"> Get Started <svg class="NavBar__Button--Close" xmlns="http://www.w3.org/2000/svg" width="17.081" height="7.498" viewBox="0 0 17.081 7.498"> <path id="Path_34" data-name="Path 34" d="M1156.073,389.624l7.959,5.685,7.959-5.685" transform="translate(-1155.492 -388.811)" fill="none" stroke="#fff" stroke-linejoin="round" stroke-width="2"/> </svg> </div> </div> <button class="NavBar__MobileNavicon" data-mobile-nav-toggle> <span class="navicon"></span> </button> </div> </div> </div> <div class="NavBar__MobileDropdown" data-mobile-nav> <div class="NavBar__MobileButtons"> <div class="NavBar__MobileButton NavBar__ButtonSubtleTrigger" data-nav="whatWeDo"> What we do <svg width="8" height="12" viewBox="0 0 8 12" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M0.220703 10.4023L4.62305 6L0.220703 1.59766L1.56836 0.25L7.31836 6L1.56836 11.75L0.220703 10.4023Z" fill="#3C2B77"/> </svg> </div> <div class="NavBar__MobileButton NavBar__ButtonSubtleTrigger" data-nav="howWeDo"> How we do it <svg width="8" height="12" viewBox="0 0 8 12" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M0.220703 10.4023L4.62305 6L0.220703 1.59766L1.56836 0.25L7.31836 6L1.56836 11.75L0.220703 10.4023Z" fill="#3C2B77"/> </svg> </div> <div class="NavBar__MobileButton NavBar__ButtonSubtleTrigger" data-nav="resources"> Resources <svg width="8" height="12" viewBox="0 0 8 12" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M0.220703 10.4023L4.62305 6L0.220703 1.59766L1.56836 0.25L7.31836 6L1.56836 11.75L0.220703 10.4023Z" fill="#3C2B77"/> </svg> </div> <div class="NavBar__MobileButton NavBar__ButtonSubtleTrigger" data-nav="company"> Company <svg width="8" height="12" viewBox="0 0 8 12" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M0.220703 10.4023L4.62305 6L0.220703 1.59766L1.56836 0.25L7.31836 6L1.56836 11.75L0.220703 10.4023Z" fill="#3C2B77"/> </svg> </div> <div class="NavBar__MobileButton NavBar__ButtonSubtleTrigger" data-nav="partners"> Partners <svg width="8" height="12" viewBox="0 0 8 12" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M0.220703 10.4023L4.62305 6L0.220703 1.59766L1.56836 0.25L7.31836 6L1.56836 11.75L0.220703 10.4023Z" fill="#3C2B77"/> </svg> </div> </div> <div class="NavBar__MobileCTA"> <a href="/get-started" class="NavBar__MobileCTAButton">Get Started</a> </div> </div> </div>  <div class="WhatWeDo NavBar__SubMenu" data-menu="whatWeDo"> <div class="WhatWeDo__Wrapper"> <div class="MobileDropdownNav"> <button class="MobileDropdownNav__BackButton" type="button"> <svg width="6" height="9" viewBox="0 0 6 9" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M5.92383 7.75391L4.92773 8.75L0.677734 4.5L4.92773 0.25L5.92383 1.24609L2.66992 4.5L5.92383 7.75391Z" fill="#3C2B77"/> </svg> <span>Back</span> </button> <div class="MobileDropdownNav__Title">What We Do</div> </div> <div class="WhatWeDo__Content"> <div class="WhatWeDo__Links"> <h6>ESENTIRE SERVICES</h6> <a href="/what-we-do/esentire-managed-detection-and-response" class="WhatWeDo__LinksIconBox WhatWeDo__LinksIconBox--WithSubLinks"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assetsV4/Common/mdr_nav_1.png" alt="MDR Icon"> <div> <h5>Managed Detection and Response</h5> <p>Combine cutting-edge XDR technology, multi-signal threat intelligence and 24/7 Elite Threat Hunters to help you build a world-class security operation.</p> </div> </a> <div class="WhatWeDo__LinksIconBoxInner"> <a href="/what-we-do/esentire-managed-detection-and-response"> <h5>All-In-One MDR Solution →</h5> </a> <a href="/what-we-do/esentire-managed-detection-and-response/microsoft-mdr"> <h5>MDR for Microsoft →</h5> </a> <a href="/what-we-do/esentire-managed-detection-and-response/mdr-for-genai"> <h5>MDR for GenAI →</h5> </a> </div> <a href="/what-we-do/digital-forensics-and-incident-response" class="WhatWeDo__LinksIconBox"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assetsV4/Common/dfir_nav_1.png" alt="DFIR Icon"> <div> <h5>Digital Forensics and Incident Response</h5> <p>Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.</p> </div> </a> <a href="/what-we-do/exposure-vulnerability-and-risk-management" class="WhatWeDo__LinksIconBox"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assetsV4/Common/exposure_nav_1.png" alt="Exposure Vulnerability and Risk Management Icon"> <div> <h5>Exposure Management Services</h5> <p>Cyber risk and advisory programs that identify security gaps and build security strategies to address them.</p> </div> </a> </div> <div class="WhatWeDo__Links"> <h6>PLATFORM, PEOPLE AND RESPONSE</h6> <div class="WhatWeDo__LinksBox"> <div class="WhatWeDo__LinksBoxLeft"> <a href="/what-we-do/security-operations-center"> <h5>Security Operations Center (SOC)</h5> <p>24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.</p> </a> <a href="/what-we-do/xdr-extended-detection-and-response"> <h5>Extended Detection and<br> Response (XDR)</h5> <p>XDR with machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.</p> </a> <a href="/what-we-do/mdr-integrations"> <h5>Technology Integrations</h5> <p>Seamless integration and threat investigation across your existing tech stack.</p> </a> </div> <div class="WhatWeDo__LinksBoxRight"> <a href="/what-we-do/threat-response-unit"> <h5>Threat Response Unit (TRU)</h5> <p>Proactive threat intelligence, original threat research and a world-class team of seasoned industry veterans.</p> </a> <a href="/what-we-do/cyber-resilience-team"> <h5>Cyber Resilience Team</h5> <p>Extend your team capabilities and prevent business disruption with expertise from eSentire.</p> </a> <a href="/what-we-do/esentire-managed-detection-and-response/response-and-remediation"> <h5>Response and Remediation</h5> <p>We balance automated blocks with rapid human-led investigations to manage threats.</p> </a> </div> </div> </div> </div> </div> </div>  <div class="HowWeDo NavBar__SubMenu" data-menu="howWeDo"> <div class="HowWeDo__Wrapper"> <div class="MobileDropdownNav"> <button class="MobileDropdownNav__BackButton" type="button"> <svg width="6" height="9" viewBox="0 0 6 9" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M5.92383 7.75391L4.92773 8.75L0.677734 4.5L4.92773 0.25L5.92383 1.24609L2.66992 4.5L5.92383 7.75391Z" fill="#3C2B77"/> </svg> <span>Back</span> </button> <div class="MobileDropdownNav__Title">How We Do</div> </div> <div class="HowWeDo__Content"> <div class="HowWeDo__Links HowWeDo__Links-Icons"> <h6>24/7 MDR SIGNALS</h6> <a href="/how-we-do-it/signals/mdr-for-endpoint"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 58 58"><defs><style>.cls-endpointherosv1{fill:#fff}</style></defs><g id="Layer_2"><g id="Layer_2-2"><g id="Component_2459_7"><path id="Path_5133" d="M29 0c16 0 29 13 29 29S45 58 29 58 0 45 0 29 13 0 29 0Z" style="fill:#7f4ee5"/><g id="Group_1494"><g id="Group_1493"><path id="Path_5109" d="M45 38.6c-.4 0-.8-.4-.8-.8V16.7c0-.2-.2-.4-.4-.4H14.3c-.2 0-.4.2-.4.4v21.1c0 .4-.3.8-.7.9s-.8-.3-.9-.7V16.7c0-1.1.9-2 2-2h29.5c1.1 0 2 .9 2 2v21.1c0 .4-.4.8-.8.8" class="cls-endpointherosv1"/><path id="Path_5110" d="M24.1 38.6H10.6c-.4 0-.8-.4-.7-.9 0-.4.3-.7.7-.7h13.5c.4 0 .8.3.9.7s-.3.8-.7.9h-.2" class="cls-endpointherosv1"/><path id="Path_5111" d="M47.4 38.6H33.9c-.4 0-.8-.4-.7-.9 0-.4.3-.7.7-.7h13.5c.4 0 .8.3.9.7s-.3.8-.7.9h-.2" class="cls-endpointherosv1"/><path id="Path_5112" d="M46.1 43.4H11.9c-1.1 0-2-.9-2-2v-3.6c0-.4.3-.8.7-.9s.8.3.9.7v3.8c0 .2.2.4.4.4h34.3c.2 0 .4-.2.4-.4v-3.6c0-.4.4-.8.9-.7.4 0 .7.3.7.7v3.6c0 1.1-.9 2-2 2" class="cls-endpointherosv1"/><path id="Path_5113" d="M33.8 40.2h-9.6c-.4 0-.8-.4-.8-.8v-1.6c0-.4.3-.8.7-.9s.8.3.9.7v1h8v-.8c0-.4.4-.8.9-.7.4 0 .7.3.7.7v1.6c0 .4-.4.8-.8.8" class="cls-endpointherosv1"/><path id="Path_5114" d="M18.6 24.2c-.4 0-.8-.4-.8-.8v-3.2c0-.4.3-.8.7-.9.4 0 .8.3.9.7v3.3c0 .4-.4.8-.8.8" class="cls-endpointherosv1"/></g></g></g></g></g></svg><div> <h5>Endpoint</h5> <p>Guard endpoints by isolating and remediating threats to prevent lateral spread.</p> </div> </a> <a href="/how-we-do-it/signals/mdr-for-network"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 58 58"><defs><path d="M15.6 13.7h26.9v30.7H15.6z" style="fill:none"/><style>.cls-Networkherosv2{fill:#fff}</style></defs><g id="Layer_2"><g id="Layer_2-2"><g id="Component_2459_8"><path id="Path_5133-2" d="M29 0c16 0 29 13 29 29S45 58 29 58 0 45 0 29 13 0 29 0Z" style="fill:#6c67d5"/><g id="Group_1502"><g id="Group_1501"><path id="Path_5139" d="M40.8 44.3H17.3c-.9 0-1.7-.8-1.7-1.7V15.3c0-.9.8-1.7 1.7-1.7h23.5c.9 0 1.7.8 1.7 1.7v27.3c0 .9-.8 1.7-1.7 1.7M17.2 15.1c-.2 0-.3.1-.3.3v27.3c0 .2.1.3.3.3h23.5c.2 0 .3-.1.3-.3V15.3c0-.2-.1-.3-.3-.3H17.2Z" class="cls-Networkherosv2"/><path id="Path_5140" d="M41.7 24.6H16.2c-.4 0-.7-.3-.7-.7 0-.4.3-.7.7-.7h25.5c.4 0 .7.3.7.7 0 .4-.3.7-.7.7" class="cls-Networkherosv2"/><path id="Path_5141" d="M20.1 21.4c-.4 0-.7-.3-.7-.7v-2.5c0-.4.3-.7.7-.7s.7.3.7.7v2.5c0 .4-.3.7-.7.7" class="cls-Networkherosv2"/><path id="Path_5142" d="M20.1 31c-.4 0-.7-.3-.7-.7v-2.5c0-.4.3-.7.7-.7s.7.3.7.7v2.5c0 .4-.3.7-.7.7" class="cls-Networkherosv2"/><path id="Path_5143" d="M20.1 40.5c-.4 0-.7-.3-.7-.7v-2.5c0-.4.3-.7.7-.7s.7.3.7.7v2.5c0 .4-.3.7-.7.7" class="cls-Networkherosv2"/><path id="Path_5144" d="M41.7 34.8H16.2c-.4 0-.7-.3-.7-.7 0-.4.3-.7.7-.7h25.5c.4 0 .7.3.7.7s-.3.7-.7.7" class="cls-Networkherosv2"/></g></g></g></g></g></svg> <div> <h5>Network</h5> <p>Defend brute force attacks, active intrusions and unauthorized scans.</p> </div> </a> <a href="/how-we-do-it/signals/mdr-for-log"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path d="M16 0c8.84 0 16 7.16 16 16s-7.16 16-16 16S0 24.84 0 16 7.16 0 16 0Z" style="stroke-width:0;fill:#687dd5"/><path d="M22.16 12.23a.278.278 0 0 0-.07-.23l-4.17-4.17a.235.235 0 0 0-.25-.06c-.03 0-.05-.01-.08-.01H12.4a.476.476 0 0 0-.48.47v13.46a.476.476 0 0 0 .48.48h9.29a.476.476 0 0 0 .48-.48V12.24m-4.18-3.6 3.29 3.29H18V8.64Zm3.66 13.01h-9.21V8.27h5.04v3.91c0 .14.12.26.26.26h3.91v9.22Zm-2.06 2.6h-9.28a.476.476 0 0 1-.48-.48V10.31c0-.26.21-.48.47-.48h.47c.14 0 .26.11.26.26s-.11.26-.26.26h-.43v13.38h9.2v-.44c0-.14.11-.26.26-.26s.26.11.26.26v.48a.476.476 0 0 1-.48.48m.24-4.52c-.14 0-.26-.12-.26-.26v-1.39c0-.14.11-.26.26-.26s.26.11.26.26v1.39c0 .14-.12.26-.26.26" style="fill:#fff;stroke-width:0"/></svg> <div> <h5>Log</h5> <p>Investigation and threat detection across multi-cloud or hybrid environments.</p> </div> </a> <a href="/how-we-do-it/signals/cloud"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><path d="M16 0c8.84 0 16 7.16 16 16s-7.16 16-16 16S0 24.84 0 16 7.16 0 16 0Z" style="stroke-width:0;fill:#40C3D9"/><path d="M20.52 21.64h-9.68c-2.06 0-3.72-1.69-3.72-3.75 0-1.52.93-2.88 2.34-3.45-.02-.2-.04-.39-.04-.59a5.416 5.416 0 0 1 5.34-5.49 5.423 5.423 0 0 1 5.14 3.5h.12c2.69 0 4.86 2.2 4.85 4.89 0 2.42-1.5 4.88-4.35 4.89ZM14.84 8.87c-2.71 0-4.91 2.2-4.91 4.91v.06c0 .24.02.48.06.72.02.12-.05.24-.17.28-1.69.57-2.59 2.4-2.03 4.09a3.204 3.204 0 0 0 3.04 2.19h9.66c2.54 0 3.87-2.21 3.87-4.38 0-2.41-1.94-4.37-4.35-4.38-.09 0-.17 0-.26.02a.262.262 0 0 1-.27-.17c-.67-2-2.55-3.34-4.66-3.34m6.64 8.91v-1.53c0-.14-.11-.25-.25-.25s-.25.11-.25.25v1.53c0 .14.11.25.25.25s.25-.11.25-.25" style="fill:#fff;stroke-width:0"/></svg> <div> <h5>Cloud</h5> <p>Remediate misconfigurations, vulnerabilities and policy violations.</p> </div> </a> <a href="/how-we-do-it/signals/identity"> <svg xmlns="http://www.w3.org/2000/svg" id="Layer_2" data-name="Layer 2" version="1.1" viewBox="0 0 58 58"><defs><clipPath id="clippath"><path d="M12.9 14.8h32.3v28.5H12.9z" style="stroke-width:0;fill:none"/></clipPath><style>.clsInsider-threat-4{stroke-width:0;fill:#fff}</style></defs><g id="Layer_2-2" data-name="Layer 2-2"><g id="Component_2459_11" data-name="Component 2459 11"><path id="Path_5133-5" d="M29 0c16 0 29 13 29 29S45 58 29 58 0 45 0 29 13 0 29 0Z" data-name="Path 5133-5" style="fill:#2cb1e2;stroke-width:0"/><g id="Group_1790" data-name="Group 1790" style="clip-path:url(#clippath)"><g id="Group_1789" data-name="Group 1789"><path id="Path_5151" d="M43.4 43.2H14.6c-1 0-1.8-.8-1.8-1.8V20.7c0-1 .8-1.8 1.8-1.8h28.7c1 0 1.8.8 1.8 1.8v20.7c0 1-.8 1.8-1.8 1.8M14.6 20.5c-.2 0-.3.1-.3.3v20.7c0 .2.1.3.3.3h28.7c.2 0 .3-.1.3-.3V20.8c0-.2-.1-.3-.3-.3H14.6Z" class="clsInsider-threat-4" data-name="Path 5151"/><path id="Path_5152" d="M44.4 29.2H13.6c-.4 0-.7-.3-.7-.7s.3-.7.7-.7h30.8c.4 0 .7.3.7.7s-.3.7-.7.7" class="clsInsider-threat-4" data-name="Path 5152"/><path id="Path_5153" d="M34.4 20.5c-.4 0-.7-.3-.7-.7v-2.1c0-.8-.6-1.4-1.4-1.4h-6.4c-.8 0-1.4.6-1.4 1.4v2.1c0 .4-.3.7-.7.7s-.7-.3-.7-.7v-2.1c0-1.6 1.3-2.9 2.9-2.9h6.4c1.6 0 2.9 1.3 2.9 2.9v2.1c0 .4-.3.7-.7.7" class="clsInsider-threat-4" data-name="Path 5153"/><path id="Path_5154" d="M29 26.4c-.4 0-.7-.3-.7-.7V23c0-.4.3-.7.7-.7s.7.3.7.7v2.7c0 .4-.3.7-.7.7" class="clsInsider-threat-4" data-name="Path 5154"/></g></g></g></g></svg> <div> <h5>Identity</h5> <p>Investigate and respond to compromised identities and insider threats.</p> </div> </a> </div> <div class="HowWeDo__RightLinks"> <div class="HowWeDo__Links"> <h6>INDUSTRIES</h6> <a href="/how-we-do-it/industries/insurance-cybersecurity"> <h5>Insurance</h5> </a> <a href="/how-we-do-it/industries/construction-cybersecurity"> <h5>Construction</h5> </a> <a href="/how-we-do-it/industries/financial-services-cybersecurity"> <h5>Finance</h5> </a> <a href="/how-we-do-it/industries/legal-cybersecurity"> <h5>Legal</h5> </a> <a href="/how-we-do-it/industries/manufacturing-cybersecurity"> <h5>Manufacturing</h5> </a> <a href="/how-we-do-it/industries/private-equity-cybersecurity"> <h5>Private Equity</h5> </a> <a href="/how-we-do-it/industries/healthcare-cybersecurity"> <h5>Healthcare</h5> </a> <a href="/how-we-do-it/industries/retail-cybersecurity"> <h5>Retail</h5> </a> <a href="/how-we-do-it/industries/food-supply-cybersecurity"> <h5>Food Supply</h5> </a> <a href="/how-we-do-it/industries/state-local-governments-cybersecurity"> <h5>Government and Education</h5> </a> <a href="/how-we-do-it/industries/automotive-dealerships"> <h5>Automotive Dealerships</h5> </a> </div> <div class="HowWeDo__Links"> <h6>USE CASES</h6> <div class="HowWeDo__Links-2"> <a href="/how-we-do-it/use-cases/ransomware"> <h5>Ransomware</h5> <p>Stop ransomware before it spreads.</p> </a> <a href="/how-we-do-it/use-cases/cybersecurity-compliance"> <h5>Cybersecurity Compliance</h5> <p>Meet regulatory compliance mandates.</p> </a> <a href="/how-we-do-it/use-cases/zero-day-exploits"> <h5>Zero Day Attacks</h5> <p>Detect and respond to zero-day exploits.</p> </a> <a href="/how-we-do-it/use-cases/cloud-misconfiguration-breaches"> <h5>Cloud Misconfiguration</h5> <p>End misconfigurations and policy violations.</p> </a> <a href="/how-we-do-it/use-cases/third-party-cyber-risk"> <h5>Third-Party Risk</h5> <p>Defend third-party and supply chain risk.</p> </a> <a href="/how-we-do-it/use-cases/mdr-outsourcing"> <h5>Do More With Less</h5> <p>Prevent disruption by outsourcing MDR.</p> </a> <a href="/how-we-do-it/use-cases/cyber-risk-management"> <h5>Cyber Risk</h5> <p>Adopt a risk-based security approach.</p> </a> <a href="/how-we-do-it/use-cases/meet-cyber-insurance-requirements"> <h5>Cyber Insurance</h5> <p>Meet insurability requirements with MDR.</p> </a> <a href="/how-we-do-it/use-cases/sensitive-data"> <h5>Sensitive Data Security</h5> <p>Protect your most sensitive data.</p> </a> <a href="/how-we-do-it/use-cases/security-leadership"> <h5>Security Leadership</h5> <p>Build a proven security program.</p> </a> <a href="/how-we-do-it/use-cases/cyber-threat-intelligence"> <h5>Cyber Threat Intelligence</h5> <p>Operationalize timely, accurate, and actionable cyber threat intelligence.</p> </a> </div> </div> </div> </div> <div class="HowWeDo__Box"> <div class="HowWeDo__BoxInner"> <div class="HowWeDo__BoxLeft"> <div class="HowWeDo__Links"> <a href="/how-we-do-it/mdr-pricing-packaging"> <h5>MDR Pricing</h5> <p>Three MDR package tiers are available based on per-user pricing and level of risk tolerance to enhance your existing defenses and resources.</p> </a> </div> </div> <div class="HowWeDo__BoxRight"> <a href="/how-we-do-it/mdr-pricing-packaging">EXPLORE MDR PACKAGES <span>→</span></a> </div> </div> </div> </div> </div>  <div class="Resources NavBar__SubMenu" data-menu="resources"> <div class="Resources__Wrapper"> <div class="MobileDropdownNav"> <button class="MobileDropdownNav__BackButton" type="button"> <svg width="6" height="9" viewBox="0 0 6 9" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M5.92383 7.75391L4.92773 8.75L0.677734 4.5L4.92773 0.25L5.92383 1.24609L2.66992 4.5L5.92383 7.75391Z" fill="#3C2B77"/> </svg> <span>Back</span> </button> <div class="MobileDropdownNav__Title">Resources</div> </div> <div class="Resources__Content"> <div class="Resources__BlogResources"> <div class="Resources__Links Resources__Links-Blogs"> <div> <h6>From The Blog</h6> <a href="https://www.esentire.com/blog/bored-beavertail-invisibleferret-yacht-club-a-lazarus-lure-pt-2"> <span class="Resources__Eyebrow">Nov 14, 2024</span> <h5>Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2 </h5> </a> <a href="https://www.esentire.com/blog/bored-beavertail-yacht-club-a-lazarus-lure"> <span class="Resources__Eyebrow">Oct 17, 2024</span> <h5>Bored BeaverTail Yacht Club – A Lazarus Lure </h5> </a> <a href="https://www.esentire.com/blog/cybersecurity-spending-where-to-allocate-your-budget-in-2025"> <span class="Resources__Eyebrow">Oct 17, 2024</span> <h5>Cybersecurity Spending: Where to Allocate Your Budget in 2025 </h5> </a> </div> <div class="Resources__BoxCTA"> <a href="/resources/blog"> VIEW ARTICLES <span>→</span> </a> </div> </div> <div class="Resources__Links"> <div class="Resources__Links Resources__Links-Library"> <h6>Resources</h6> <a href="/resources/mdr-and-cybersecurity-case-studies"> <svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" viewBox="0 0 32 32"><defs><style>.clsCaseStudiesIcon-2{stroke-width:0;fill:#fff}</style></defs><g id="Group_1940"><circle id="Ellipse_16" cx="16" cy="16" r="16" style="stroke-width:0;fill:#19234d"/><g id="Group_1906"><path id="Path_5883" d="M20.3 22.37c-1.12 0-2.03-.91-2.03-2.03 0-1.12.91-2.03 2.03-2.03s2.03.91 2.03 2.03c0 1.12-.91 2.03-2.03 2.03m0-3.47c-.8 0-1.44.64-1.44 1.44s.64 1.44 1.44 1.44 1.44-.64 1.44-1.44c0-.79-.65-1.44-1.44-1.44" class="clsCaseStudiesIcon-2"/><path id="Path_5884" d="M22.62 22.95c-.08 0-.15-.03-.21-.09l-1.09-1.09c-.1-.14-.06-.32.07-.42.1-.07.24-.07.35 0l1.09 1.09a.3.3 0 0 1-.02.42c-.05.05-.12.07-.19.08" class="clsCaseStudiesIcon-2"/><path id="Path_5885" d="M17.41 22.95h-5.48c-.33 0-.6-.27-.6-.6V9.65c0-.33.27-.6.6-.6h5.78c.16-.03.32.08.35.24s-.08.32-.24.35H11.95v12.71h5.48c.16-.03.32.08.35.24s-.08.32-.24.35h-.1" class="clsCaseStudiesIcon-2"/><path id="Path_5886" d="M21.46 17.45c-.17 0-.3-.13-.3-.3V13.1c-.03-.16.08-.32.24-.35.16-.03.32.08.35.24V17.14c0 .17-.13.3-.3.3" class="clsCaseStudiesIcon-2"/><path id="Path_5887" d="M21.46 13.4H17.7c-.17 0-.3-.13-.3-.3V9.34c0-.17.15-.29.31-.29.07 0 .13.03.19.08l3.76 3.76a.3.3 0 0 1-.02.42c-.05.05-.12.07-.19.08m-3.46-.59h2.75l-2.75-2.75v2.75Z" class="clsCaseStudiesIcon-2"/></g></g></svg> <h5>Case Studies</h5> </a> <a href="/resources/tru-intelligence-center"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32"><defs><clipPath id="a"><path d="M8 7h15.75v18.17H8z" style="stroke-width:0;fill:none"/></clipPath></defs><circle cx="16" cy="16" r="16" style="fill:#19234d;stroke-width:0"/><g style="clip-path:url(#a)"><path d="M15.5 21.37h1.25v.4H15.5v-.4Zm4.78-.02v.44h1.27v1.69h.44v-1.69h.37v.88h.44v-.88h.37v1.31h.44v-1.31h.14v-.44h-3.47Zm-8.27 0h-1.47a.844.844 0 0 0-1.49-.79c-.03.05-.05.11-.07.17-.46-.08-.9.23-.98.69a.849.849 0 0 0 .98.98c.12.45.58.72 1.03.59s.72-.58.59-1.03a.865.865 0 0 0-.07-.17H12v-.44Zm5.46 1.95a5.85 5.85 0 0 1-.82 1.59c-.12.17-.31.27-.52.28-.21 0-.41-.11-.53-.28a5.85 5.85 0 0 1-.82-1.59c.09 0 .17-.03.26-.06.38-.16.63-.54.61-.96h.95c-.01.42.23.8.61.96.08.03.17.05.26.06m-1.2-4.36-.33 1.8h-.3a.908.908 0 0 0-.54-.93c-.38-.12-.79-.14-1.18-.06 0 0-.36-.9-.94-2.77-.35-1.1-.54-2.25-.56-3.41.39.46.97.71 1.57.67.69.02 1.38-.15 1.97-.51l-.9 2.36.95-.15-.55 3.15.81-.15Zm3-1.96c-.58 1.87-.94 2.77-.94 2.77-.39-.08-.8-.06-1.18.06-.33.14-.55.47-.54.84v.09h-.37l.93-2.66-.95.15.97-3.15-1.19.13.3-1.46c.59.35 1.27.52 1.95.5.6.05 1.19-.2 1.57-.67-.02 1.16-.21 2.31-.56 3.41m-.28 2.98c1.12-2.28 1.7-4.78 1.71-7.31 0 0 2.81 3.66-1.71 7.31m-5.71 0c-4.52-3.66-1.72-7.32-1.72-7.32 0 2.54.59 5.04 1.71 7.31m5.72-12.02-.07.03c-.99.3-1.92.8-2.72 1.47l-.02.03-.02-.03a8.165 8.165 0 0 0-2.82-1.5l-.08-.03s.1-.09.25-.19c.79-.48 1.7-.73 2.63-.73 1 0 1.97.32 2.79.9l.07.05ZM13.03 20.8v1.48c.01.19-.13.36-.32.38a.363.363 0 0 1-.38-.32v-1.53c-.01-.19.13-.36.32-.38.19-.01.36.13.38.32v.05m1.08 0v1.48c.01.19-.13.36-.32.38a.363.363 0 0 1-.38-.32v-1.53c-.01-.19.13-.36.32-.38.19-.01.36.13.38.32v.05m1.07 0v1.48c.01.19-.13.36-.32.38a.363.363 0 0 1-.38-.32v-1.53c-.01-.19.13-.36.32-.38.19-.01.36.13.38.32v.05m2.6 0v1.48c.01.19-.13.36-.32.38a.363.363 0 0 1-.38-.32v-1.53c-.01-.19.13-.36.32-.38.19-.01.36.13.38.32v.05m1.08 0v1.48c.01.19-.13.36-.32.38a.363.363 0 0 1-.38-.32v-1.53c-.01-.19.13-.36.32-.38.19-.01.36.13.38.32v.05m1.07 0v1.48c.01.19-.13.36-.32.38a.363.363 0 0 1-.38-.32v-1.53c-.01-.19.13-.36.32-.38.19-.01.36.13.38.32v.05m.5-10c-.11-.73-.31-1.45-.59-2.14l-.02-.03c.14-.22.27-.46.38-.7l-.06-.04c-.48.41-1.01.75-1.58 1.02-.88.3-1.69.77-2.38 1.39-.04.03-.09.03-.13 0-.68-.6-1.46-1.06-2.32-1.35-.59-.28-1.14-.63-1.64-1.06l-.05.04c.1.23.22.45.36.66l-.02.03c-.24.64-.42 1.3-.53 1.98s0 .03 0 .04a2.238 2.238 0 0 0 2.17 2.75c.47.02.93-.13 1.28-.44-.15-.32-.26-.66-.33-1.01-.21.21-.51.32-.81.3-.74 0-1.34-.6-1.34-1.34.01-.47.1-.94.25-1.39.23.27.47.53.74.77a.59.59 0 0 0 .06.84.59.59 0 0 0 .92-.18c.24.13.47.26.68.39.03.64.24 1.27.62 1.79l.02.03.02-.03c.38-.52.59-1.15.62-1.79.21-.14.45-.27.7-.4.14.3.5.42.79.28s.42-.5.28-.79c-.03-.05-.06-.1-.1-.15.26-.23.5-.49.72-.76.15.45.23.92.25 1.39 0 .74-.6 1.34-1.34 1.34-.3.02-.6-.09-.81-.3-.07.35-.18.68-.33 1.01.36.3.82.46 1.28.44a2.232 2.232 0 0 0 2.2-2.59" style="fill:#fff;stroke-width:0"/></g></svg> <h5>TRU Intelligence Center</h5> </a> <a href="/cybersecurity-tools"> <svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" viewBox="0 0 32 32"><defs><style>.clsDisplayCybersecurityIcon-2{stroke-width:0;fill:#fff}</style></defs><g id="Group_1934"><circle id="Ellipse_47" cx="16" cy="16" r="16" style="stroke-width:0;fill:#19234d"/><g id="Group_1911"><path id="Path_6011" d="M12.47 13.21h-1.43a.26.26 0 0 1-.17-.07l-1.8-1.8a.23.23 0 0 1 0-.34l1.47-1.43c.09-.09.25-.09.34 0l1.76 1.77s.07.11.07.17v1.47c0 .13-.11.24-.24.24m-1.33-.49h1.09V11.6l-1.52-1.52-1.12 1.09 1.56 1.56Z" class="clsDisplayCybersecurityIcon-2"/><g id="Group_1910"><path id="Path_6012" d="M15.11 15.86a.26.26 0 0 1-.17-.07l-2.64-2.64c-.09-.1-.09-.25.01-.34.09-.09.24-.09.33 0l2.64 2.64c.09.09.09.25 0 .34-.05.05-.11.07-.17.07" class="clsDisplayCybersecurityIcon-2"/><path id="Path_6013" d="M12.21 23.51c-.36 0-.72-.06-1.07-.17a.24.24 0 0 1-.1-.4l1.28-1.28-.74-.74s-.02-.02-.03-.04l-.7-.7-1.29 1.28c-.1.09-.25.09-.34 0a.207.207 0 0 1-.06-.1c-.36-1.02-.12-2.15.62-2.94a2.18 2.18 0 0 1 2.64-.46l5.04-5.03c-.47-.88-.28-1.96.46-2.63.79-.75 1.93-1 2.97-.65a.24.24 0 0 1 .1.4l-1.28 1.28.74.74.03.03.71.71 1.29-1.28c.1-.09.25-.09.34 0 .03.03.05.06.06.1.33 1.06.06 2.22-.7 3.03-.69.68-1.75.83-2.6.37l-5.04 5.03c.48.89.31 2-.42 2.71-.51.49-1.19.76-1.9.74m-.53-.53c.74.17 1.51-.04 2.07-.55.62-.61.73-1.57.26-2.3a.26.26 0 0 1 .04-.29l5.28-5.28c.08-.07.19-.09.28-.04.69.44 1.59.35 2.19-.21.54-.57.79-1.35.67-2.13l-1.15 1.15c-.09.09-.25.09-.34 0l-.91-.91-.03-.03-.88-.88c-.09-.09-.1-.25 0-.34l1.15-1.15c-.75-.13-1.52.1-2.07.63-.63.56-.76 1.5-.3 2.22.05.09.03.21-.04.29l-5.28 5.28a.23.23 0 0 1-.28.04 1.74 1.74 0 0 0-2.23.3c-.52.54-.74 1.31-.6 2.04l1.16-1.15c.09-.09.25-.09.34 0l.91.91s.02.02.03.04l.88.88c.09.09.1.25 0 .34l-1.15 1.15Z" class="clsDisplayCybersecurityIcon-2"/><path id="Path_6014" d="M20.99 23.49a.26.26 0 0 1-.17-.07l-4.11-4.11s-.03-.04-.05-.06l-.59-1.17a.23.23 0 0 1 .05-.28l1.17-1.17c.07-.07.19-.09.28-.04l1.17.59s.04.03.06.04l4.11 4.11c.09.09.09.25 0 .34l-1.76 1.76s-.11.07-.17.07m-3.9-4.5 3.91 3.91 1.42-1.42-3.91-3.91-.98-.49-.93.93.49.98Z" class="clsDisplayCybersecurityIcon-2"/></g></g></g></svg> <h5>Cybersecurity Tools</h5> </a> <a href="/resources/video-library"> <svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" viewBox="0 0 32 32"><defs><style>.clsVicoIcon-2{stroke-width:0;fill:#fff}</style></defs><g id="Group_1935"><circle id="Ellipse_43" cx="16" cy="16" r="16" style="stroke-width:0;fill:#19234d"/><g id="Group_1912"><path id="Path_6009" d="M16.15 22.9C12.2 22.9 9 19.7 9 15.75s3.2-7.15 7.15-7.15 7.15 3.2 7.15 7.15-3.2 7.15-7.15 7.15m0-13.83c-3.68 0-6.67 2.99-6.67 6.67s2.99 6.67 6.67 6.67 6.67-2.99 6.67-6.67c0-3.68-2.99-6.67-6.67-6.67" class="clsVicoIcon-2"/><path id="Path_6010" d="M14.35 18.99c-.13 0-.24-.11-.24-.24v-6.01a.243.243 0 0 1 .36-.21l5.11 3.01c.11.07.15.22.08.33-.02.04-.05.06-.08.08l-5.11 3s-.08.03-.12.03m.24-5.82v5.17l4.39-2.58-4.39-2.58Z" class="clsVicoIcon-2"/></g></g></svg> <h5>Videos</h5> </a> <a href="/resources/library?resourceType%5B%5D=Report"> <svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" viewBox="0 0 32 32"><defs><style>.clsReportIcon-2{stroke-width:0;fill:#fff}</style></defs><g id="Group_1936"><circle id="Ellipse_44" cx="16" cy="16" r="16" style="stroke-width:0;fill:#19234d"/><g id="Group_1895"><path id="Path_5961" d="M21.42 22.95h-9.24c-.33 0-.6-.27-.6-.6V9.65c0-.33.27-.6.6-.6h5.77c.16-.03.32.08.35.24.03.16-.08.32-.24.35H12.19v12.71h9.24v-9.26c-.03-.16.08-.32.24-.35s.32.08.35.24v9.35c0 .33-.27.59-.59.59" class="clsReportIcon-2"/><path id="Path_5962" d="M21.71 13.4h-3.76c-.17 0-.3-.13-.3-.3V9.34c0-.17.15-.29.31-.29.07 0 .13.03.19.08l3.76 3.76a.3.3 0 0 1-.02.42c-.05.05-.12.07-.19.08m-3.46-.59h2.75l-2.75-2.75v2.75Z" class="clsReportIcon-2"/><path id="Path_5963" d="M16.79 21.21c-1.92 0-3.48-1.56-3.48-3.48s1.56-3.48 3.48-3.48 3.48 1.56 3.48 3.48-1.56 3.48-3.48 3.48m0-6.36c-1.59 0-2.89 1.29-2.89 2.89s1.29 2.89 2.89 2.89 2.89-1.29 2.89-2.89c0-1.59-1.29-2.89-2.89-2.89" class="clsReportIcon-2"/><path id="Path_5964" d="M19.98 18.03H16.8c-.17 0-.3-.13-.3-.3v-3.18c.03-.16.18-.27.35-.24.12.02.22.12.24.24v2.89h2.89c.16-.03.32.08.35.24.03.16-.08.32-.24.35h-.1" class="clsReportIcon-2"/><path id="Path_5965" d="M14.67 20.15c-.17 0-.29-.15-.29-.31 0-.07.03-.13.08-.19l2.12-2.12c.1-.14.28-.17.42-.07.14.1.17.28.07.42-.02.03-.04.05-.07.07l-2.12 2.12c-.06.05-.13.09-.21.09" class="clsReportIcon-2"/></g></g></svg> <h5>Reports</h5> </a> <a href="/resources/library?resourceType%5B%5D=Webinar"> <svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" viewBox="0 0 32 32"><defs><style>.clsWebinarIcon-2{stroke-width:0;fill:#fff}</style></defs><g id="Group_1937"><path id="Path_6008" d="M16 0c8.84 0 16 7.16 16 16s-7.16 16-16 16S0 24.84 0 16 7.16 0 16 0Z" style="stroke-width:0;fill:#19234d"/><g id="Group_1896"><path id="Path_5966" d="M15.95 11.33c-.17 0-.3-.13-.3-.3V9.29c.03-.16.18-.27.35-.24.12.02.22.12.24.24v1.74c0 .17-.13.3-.3.3" class="clsWebinarIcon-2"/><path id="Path_5967" d="M20 22.9c-.1 0-.19-.05-.24-.13l-1.83-2.6a.29.29 0 0 1 0-.42.29.29 0 0 1 .42 0c.03.02.05.05.06.09l1.83 2.6a.307.307 0 0 1-.25.47" class="clsWebinarIcon-2"/><path id="Path_5968" d="M11.9 22.9c-.17 0-.3-.14-.29-.31 0-.06.02-.11.05-.16l1.83-2.6c.07-.15.25-.22.4-.14.15.07.22.25.14.4-.01.03-.04.06-.06.09l-1.83 2.6c-.06.08-.15.13-.24.12" class="clsWebinarIcon-2"/><path id="Path_5969" d="M21.73 20.29H10.16c-.17 0-.3-.13-.3-.3v-8.68c-.03-.16.08-.32.24-.35s.32.08.35.24v8.48h10.99v-.86c-.03-.16.08-.32.24-.35s.32.08.35.24v1.26c0 .17-.13.3-.3.3" class="clsWebinarIcon-2"/><path id="Path_5970" d="M21.73 15.38c-.17 0-.3-.13-.3-.3v-3.76c-.03-.16.08-.32.24-.35s.32.08.35.24v3.86c0 .17-.13.3-.3.3" class="clsWebinarIcon-2"/><path id="Path_5971" d="M22.6 11.33H9.3a.299.299 0 0 1-.24-.35c.02-.12.12-.22.24-.24h13.3c.16.03.27.18.24.35-.02.12-.12.22-.24.24" class="clsWebinarIcon-2"/><path id="Path_5972" d="M22.6 17.4s-.07 0-.1-.02l-8.1-2.89a.306.306 0 0 1-.11-.41c.06-.11.19-.17.31-.15l8.1 2.89c.15.07.22.25.15.4-.04.1-.14.17-.25.18" class="clsWebinarIcon-2"/></g></g></svg> <h5>Webinars</h5> </a> <a href="/resources/library?resourceType%5B%5D=Data%20Sheet%20/%20Solution%20Brief"> <svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" viewBox="0 0 32 32"><defs><style>.clsdatasheetIcon-2{stroke-width:0;fill:#fff}</style></defs><g id="Group_1938"><circle id="Ellipse_46" cx="16" cy="16" r="16" style="stroke-width:0;fill:#19234d"/><g id="Group_1893"><path id="Path_5952" d="M20.84 22.9H11.6c-.33 0-.6-.27-.6-.6V9.6c0-.33.27-.6.6-.6h5.77c.16-.03.32.08.35.24.03.16-.08.32-.24.35H11.61v12.72h9.24v-9.25c-.03-.16.08-.32.24-.35s.32.08.35.24v9.35c0 .33-.27.59-.59.59" class="clsdatasheetIcon-2"/><path id="Path_5953" d="M21.13 13.35h-3.76c-.17 0-.3-.13-.3-.3V9.29c0-.17.15-.29.31-.29.07 0 .13.03.19.08l3.76 3.76a.3.3 0 0 1-.02.42c-.05.05-.12.07-.19.08m-3.46-.59h2.75L17.66 10v2.75Z" class="clsdatasheetIcon-2"/><path id="Path_5954" d="M17.46 16.06c-.56 0-1.02-.46-1.02-1.02s.46-1.02 1.02-1.02 1.02.46 1.02 1.02-.46 1.02-1.02 1.02m0-1.45c-.24 0-.43.19-.43.43s.19.43.43.43.43-.19.43-.43-.19-.43-.43-.43" class="clsdatasheetIcon-2"/><path id="Path_5955" d="M16.3 18.66c-.56 0-1.02-.46-1.02-1.02s.46-1.02 1.02-1.02 1.02.46 1.02 1.02-.46 1.02-1.02 1.02m0-1.45c-.24 0-.43.19-.43.43s.19.43.43.43.43-.19.43-.43-.19-.43-.43-.43" class="clsdatasheetIcon-2"/><path id="Path_5956" d="M13.7 20.1c-.56 0-1.02-.46-1.02-1.02s.46-1.02 1.02-1.02 1.02.46 1.02 1.02-.46 1.02-1.02 1.02m0-1.44c-.24 0-.43.19-.43.43s.19.43.43.43.43-.19.43-.43-.19-.43-.43-.43" class="clsdatasheetIcon-2"/><path id="Path_5957" d="M18.9 21.26c-.56 0-1.02-.46-1.02-1.02s.46-1.02 1.02-1.02 1.02.46 1.02 1.02-.46 1.02-1.02 1.02m0-1.44c-.24 0-.43.19-.43.43s.19.43.43.43.43-.19.43-.43-.19-.43-.43-.43" class="clsdatasheetIcon-2"/><path id="Path_5958" d="M18.39 20.03c-.08 0-.15-.03-.21-.09l-1.58-1.58a.294.294 0 0 1-.07-.42c.1-.14.28-.17.42-.07.03.02.05.04.07.07l1.58 1.58a.3.3 0 0 1-.02.42c-.05.05-.12.07-.19.08" class="clsdatasheetIcon-2"/><path id="Path_5959" d="M14.33 19.03c-.17 0-.29-.15-.28-.32 0-.1.06-.19.14-.24l1.34-.74a.3.3 0 0 1 .28.52l-1.34.74s-.09.04-.14.04" class="clsdatasheetIcon-2"/><path id="Path_5960" d="M16.58 17.27s-.08 0-.12-.03a.301.301 0 0 1-.15-.39l.58-1.28c.09-.14.28-.17.42-.08.1.07.15.2.12.32l-.58 1.28c-.05.11-.15.17-.27.17" class="clsdatasheetIcon-2"/></g></g></svg> <h5>Data Sheets</h5> </a> <a href="/esentire-mdr-vs-everyone"> <svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" viewBox="0 0 32 32"><defs><style>.clsRealVsFakeIcon-2{stroke-width:0;fill:#fff}</style></defs><g id="Group_1933"><g id="Group_1932"><circle id="Ellipse_48" cx="16" cy="16" r="16" style="stroke-width:0;fill:#19234d"/></g><g id="Group_1924"><path id="Path_6040" d="M16.15 17.96c-.18 0-.32-.15-.32-.32 0-.15.11-.28.25-.31.04 0 1.05-.26 1.13-1.86-.45-.2-.88-.46-1.27-.77-.14-.11-.16-.31-.05-.45s.31-.16.45-.05c.39.31.83.56 1.3.74.13.04.22.16.22.3 0 2.34-1.58 2.69-1.65 2.7h-.06" class="clsRealVsFakeIcon-2"/><path id="Path_6041" d="M16.15 17.96h-.06c-.07-.01-1.65-.36-1.65-2.7 0-.14.09-.26.22-.3.47-.18.91-.43 1.3-.74.14-.11.34-.09.45.05s.09.34-.05.45c-.39.31-.82.56-1.27.77.09 1.63 1.12 1.86 1.13 1.86.17.04.28.21.25.38-.03.15-.16.25-.31.25" class="clsRealVsFakeIcon-2"/><path id="Path_6042" d="M10.38 21.55c-.18 0-.32-.14-.32-.32 0-.08.03-.16.09-.22l3.54-3.54c.13-.12.33-.12.45.01.12.12.12.32 0 .44l-3.54 3.54c-.06.06-.14.09-.23.09" class="clsRealVsFakeIcon-2"/><path id="Path_6043" d="M13.96 20.69c-.18 0-.32-.14-.32-.32v-2.36h-2.36c-.18 0-.33-.12-.34-.3s.12-.33.3-.34h2.72c.18 0 .32.14.32.32v2.68c0 .18-.14.32-.32.32" class="clsRealVsFakeIcon-2"/><path id="Path_6044" d="M18.18 14.14c-.18 0-.32-.14-.32-.32 0-.08.03-.16.09-.22l3.54-3.54c.13-.12.33-.12.45.01.12.12.12.32 0 .44l-3.54 3.54c-.06.06-.14.09-.23.09" class="clsRealVsFakeIcon-2"/><path id="Path_6045" d="M20.72 14.28h-2.68c-.18 0-.32-.14-.32-.32v-2.68c0-.18.12-.33.3-.34.18 0 .33.12.34.3v2.4h2.36c.18 0 .33.12.34.3 0 .18-.12.33-.3.34h-.04" class="clsRealVsFakeIcon-2"/><path id="Path_6046" d="M16 25.03c-.18 0-.32-.14-.32-.32v-1.74c0-.18.12-.33.3-.34.18 0 .33.12.34.3v1.78c0 .18-.14.32-.32.32" class="clsRealVsFakeIcon-2"/><path id="Path_6047" d="M16 9.35c-.18 0-.32-.14-.32-.32V7.29c0-.18.12-.33.3-.34.18 0 .33.12.34.3v1.78c0 .18-.14.32-.32.32" class="clsRealVsFakeIcon-2"/><path id="Path_6048" d="M24.71 16.32h-1.74c-.18 0-.33-.12-.34-.3s.12-.33.3-.34h1.78c.18 0 .33.12.34.3s-.12.33-.3.34h-.04" class="clsRealVsFakeIcon-2"/><path id="Path_6049" d="M9.03 16.32H7.29c-.18 0-.33-.12-.34-.3s.12-.33.3-.34h1.78c.18 0 .33.12.34.3s-.12.33-.3.34h-.04" class="clsRealVsFakeIcon-2"/><path id="Path_6050" d="M9.72 18.97a.32.32 0 0 1-.29-.19c-1.53-3.63.18-7.82 3.81-9.35 1.77-.75 3.77-.75 5.54 0 .17.06.25.24.19.41-.06.17-.24.25-.41.19 0 0-.02 0-.03-.01-3.31-1.4-7.12.15-8.52 3.46a6.53 6.53 0 0 0 0 5.06c.07.16 0 .35-.17.42-.04.02-.08.02-.12.03" class="clsRealVsFakeIcon-2"/><path id="Path_6051" d="M16 23.14c-.95 0-1.9-.19-2.77-.56a.315.315 0 0 1-.19-.41c.06-.17.24-.25.41-.19 0 0 .02 0 .03.01a6.499 6.499 0 0 0 8.66-8.15.31.31 0 0 1 .22-.39c.15-.04.31.03.38.18 1.31 3.72-.64 7.8-4.36 9.11-.76.27-1.56.41-2.37.41" class="clsRealVsFakeIcon-2"/><path id="Path_6052" d="M12.21 15.94c-.18 0-.32-.14-.32-.32a3.73 3.73 0 0 1 3.73-3.73c.18 0 .31.16.3.34 0 .16-.14.29-.3.3-1.71 0-3.09 1.38-3.09 3.09 0 .18-.14.32-.32.32" class="clsRealVsFakeIcon-2"/><path id="Path_6053" d="M16.38 20.11c-.18 0-.31-.16-.3-.34 0-.16.14-.29.3-.3 1.71 0 3.09-1.38 3.09-3.09 0-.18.12-.33.3-.34.18 0 .33.12.34.3v.04a3.73 3.73 0 0 1-3.73 3.73" class="clsRealVsFakeIcon-2"/></g></g></svg> <h5>Real vs. Fake MDR</h5> </a> <a href="/esentire-mdr-vs-everyone/compare"> <svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" data-name="Layer 1" version="1.1" viewBox="0 0 32 32"><defs><style>.cls-Comparison-2{stroke-width:0;fill:#fff}</style></defs><g id="Group_1933" data-name="Group 1933"><g id="Group_1932" data-name="Group 1932"><circle id="Ellipse_48" cx="16" cy="16" r="16" data-name="Ellipse 48" style="stroke-width:0;fill:#19234d"/></g><path d="M18.2 18.2c.2 0 .3-.1.3-.3v-7.1h3v7.1c0 .2.1.3.3.3s.3-.1.3-.3v-7.4c0-.2-.1-.3-.3-.3h-3.7c-.2 0-.3.1-.3.3v7.4c0 .2.1.3.3.3Z" class="cls-Comparison-2"/><path d="M20.1 24.1c.1 0 .2 0 .3-.1l4.4-5.9v-.3c0-.1-.2-.2-.3-.2h-2.6c-.2 0-.3.1-.3.3s.1.3.3.3h1.9l-3.8 5-3.8-5h1.9c.2 0 .3-.1.3-.3s-.1-.3-.3-.3h-2.6c-.1 0-.2 0-.3.2v.3l4.4 5.9s.2.1.3.1ZM10.1 21.9h3.7c.2 0 .3-.1.3-.3v-7.4c0-.2-.1-.3-.3-.3s-.3.1-.3.3v7.1h-3v-7.1c0-.2-.1-.3-.3-.3s-.3.1-.3.3v7.4c0 .2.1.3.3.3Z" class="cls-Comparison-2"/><path d="M7.5 14.5h2.6c.2 0 .3-.1.3-.3s-.1-.3-.3-.3H8.2l3.8-5 3.8 5h-1.9c-.2 0-.3.1-.3.3s.1.3.3.3h2.6c.1 0 .2 0 .3-.2V14l-4.4-5.9s-.2-.1-.3-.1c-.1 0-.2 0-.3.1L7.4 14v.3c0 .1.2.2.3.2Z" class="cls-Comparison-2"/></g></svg> <h5>Compare MDR Vendors</h5> </a> <a class="Resources__Links--Mobile" href="/resources/blog"> <svg xmlns="http://www.w3.org/2000/svg" id="Layer_2" viewBox="0 0 32 32"><defs><clipPath id="clippath"><path d="M9.09 7.71H22.9v16.58H9.09z" style="stroke-width:0;fill:none"/></clipPath><style>.clsBlogNavIcon-4{stroke-width:0;fill:#fff}</style></defs><g id="Layer_1-2"><g id="Group_2087"><g id="Group_1933"><g id="Group_1932"><circle id="Ellipse_48" cx="16" cy="16" r="16" style="fill:#172143;stroke-width:0"/></g><g id="Group_2091" style="clip-path:url(#clippath)"><g id="Group_2090"><path id="Path_6299" d="M15.14 18.51c-.19 0-.34-.15-.34-.34 0-.09.04-.17.1-.24l5.63-5.63c.14-.12.35-.11.48.02.12.13.12.32 0 .45l-5.63 5.63a.35.35 0 0 1-.24.1" class="clsBlogNavIcon-4"/><path id="Path_6300" d="M16.6 19.96c-.19 0-.34-.15-.34-.34 0-.09.04-.17.1-.24l5.63-5.63c.14-.12.35-.11.48.02.12.13.12.32 0 .45l-5.63 5.63a.35.35 0 0 1-.24.1" class="clsBlogNavIcon-4"/><path id="Path_6301" d="M22.27 14.29c-.19 0-.34-.15-.34-.34 0-.09.04-.17.1-.24.27-.27.27-.71 0-.98a.713.713 0 0 0-.98 0c-.12.14-.34.15-.48.02a.335.335 0 0 1-.02-.48l.02-.02c.52-.55 1.38-.58 1.93-.06s.58 1.38.06 1.93l-.06.06a.35.35 0 0 1-.24.1" class="clsBlogNavIcon-4"/><path id="Path_6302" d="M14.27 20.83c-.19 0-.34-.15-.34-.34 0-.04 0-.08.02-.12l.87-2.33c.06-.18.25-.28.42-.22s.28.25.22.42c0 .01 0 .02-.01.03l-.61 1.63 1.63-.61c.18-.05.37.05.42.22a.34.34 0 0 1-.19.41l-2.33.87s-.08.02-.12.02" class="clsBlogNavIcon-4"/><path id="Path_6303" d="M21.18 10.46c-.19 0-.34-.15-.34-.33V8.59c0-.11-.09-.19-.2-.19H13.7a.335.335 0 0 1-.32-.35c0-.17.15-.31.32-.32h6.95c.48 0 .87.39.87.87v1.54c0 .19-.15.34-.33.34" class="clsBlogNavIcon-4"/><path id="Path_6304" d="M20.65 24.29H9.96a.87.87 0 0 1-.87-.87V12.29a.33.33 0 0 1 .32-.35c.19-.01.34.13.35.32v11.17c0 .11.09.19.2.19h10.68c.11 0 .2-.09.2-.19v-5.35a.33.33 0 0 1 .32-.35c.19-.01.34.13.35.32v5.39c0 .48-.39.87-.87.87" class="clsBlogNavIcon-4"/><path id="Path_6305" d="M13.58 12.53H9.43c-.19 0-.34-.15-.33-.34 0-.09.04-.17.1-.24l4.15-4.15c.13-.13.34-.13.48 0 .06.06.1.15.1.24v4.15c0 .19-.15.34-.33.34m-3.36-.67h3v-3l-3 3Z" class="clsBlogNavIcon-4"/><path id="Path_6306" d="M21.53 14.95a.35.35 0 0 1-.24-.1l-1.38-1.38a.335.335 0 0 1-.02-.48c.12-.14.34-.15.48-.02l.02.02 1.38 1.38c.13.13.13.35 0 .48a.35.35 0 0 1-.24.1" class="clsBlogNavIcon-4"/></g></g></g></g></g></svg> <h5>Blogs</h5> </a> <a class="Resources__Links--Mobile" href="/resources/security-advisories"> <svg xmlns="http://www.w3.org/2000/svg" id="Layer_2" viewBox="0 0 32 32"><defs><clipPath id="clippath"><path d="M8.48 6.97h15.04v18.06H8.48z" style="stroke-width:0;fill:none"/></clipPath><style>.clsSANavIconTop-4{stroke-width:0;fill:#fff}</style></defs><g id="Layer_1-2"><g id="Group_2086"><g id="Group_1933"><g id="Group_1932"><circle id="Ellipse_48" cx="16" cy="16" r="16" style="fill:#172143;stroke-width:0"/></g><g id="Group_2089" style="clip-path:url(#clippath)"><g id="Group_2088"><path id="Path_6292" d="M16 25.03c-.19 0-.34-.16-.34-.34 0-.14.09-.27.23-.32 6.93-2.44 6.95-10.6 6.95-10.68 0-.19.15-.34.34-.34.19 0 .34.15.34.34 0 .09-.01 8.73-7.41 11.33-.04.01-.07.02-.11.02" class="clsSANavIconTop-4"/><path id="Path_6293" d="M23.18 14.03c-.19 0-.34-.15-.34-.34V9.93h-1.41c-.19 0-.34-.15-.34-.34s.15-.34.34-.34h1.53c.31 0 .57.26.57.57v3.88c0 .19-.15.34-.34.34" class="clsSANavIconTop-4"/><path id="Path_6294" d="M16 25.03s-.08 0-.11-.02c-7.39-2.6-7.41-11.24-7.41-11.33 0-.18.14-.34.33-.34h.02c.19 0 .34.16.34.34 0 .08.02 8.24 6.95 10.68a.346.346 0 0 1-.11.67" class="clsSANavIconTop-4"/><path id="Path_6295" d="M8.82 14.03c-.19 0-.34-.15-.34-.34V9.81c0-.31.26-.57.57-.57h1.53c.19 0 .34.15.34.34s-.15.34-.34.34H9.16v3.76c0 .19-.15.34-.34.34" class="clsSANavIconTop-4"/><path id="Path_6296" d="M21.4 9.92c-2.02.12-3.99-.64-5.4-2.08a6.978 6.978 0 0 1-5.4 2.08c-.19 0-.34-.15-.34-.34s.15-.34.34-.34c1.39.04 2.76-.33 3.94-1.05.45-.28.84-.63 1.15-1.06.06-.1.17-.16.29-.16h.04c.12 0 .22.06.29.16.32.42.71.78 1.16 1.05 1.18.73 2.55 1.1 3.94 1.05.19 0 .34.15.34.34s-.15.34-.34.34" class="clsSANavIconTop-4"/><path id="Path_6297" d="M16 17.97c-.19 0-.34-.15-.34-.34v-5.4c0-.19.15-.34.34-.34.19 0 .34.15.34.34v5.4c0 .19-.15.34-.34.34" class="clsSANavIconTop-4"/><path id="Path_6298" d="M16.53 19.78c0 .29-.24.53-.53.53s-.53-.24-.53-.53c0-.29.24-.53.53-.53.29 0 .53.24.53.53" class="clsSANavIconTop-4"/></g></g></g></g></g></svg> <h5>Security Advisories</h5> </a> </div> <div class="Resources__BoxCTA"> <a href="/resources/library"> EXPLORE LIBRARY <span>→</span> </a> </div> </div> </div> <div class="Resources__SecurityBox"> <div class="Resources__Links"> <div class="Resources__SecurityBoxAdvisories"> <h6>SECURITY ADVISORIES</h6> <a href="https://www.esentire.com/security-advisories/palo-alto-zero-day-vulnerability-cve-2024-0012"> <span class="Resources__Eyebrow">Nov 18, 2024</span> <h5>Palo Alto Zero-Day Vulnerability (CVE-2024-0012)</h5> <p> THE THREAT On November 18th, 2024, Palo Alto disclosed a critical actively exploited authentication bypass zero-day vulnerability impacting Palo Alto Networks PAN-OS. The…</p> </a> <a href="https://www.esentire.com/security-advisories/poc-released-for-citrix-vulnerabilities"> <span class="Resources__Eyebrow">Nov 13, 2024</span> <h5>PoC Released for Citrix Vulnerabilities</h5> <p> THE THREAT Update: eSentire has observed multiple exploitation attempts targeting CVE-2024-8069. In real-world attacks, threat actors successfully achieved RCE and attempted to…</p> </a> </div> <div class="Resources__BoxCTA"> <a href="/resources/security-advisories"> View Advisories <span>→</span> </a> </div> </div> </div> </div> </div> </div>  <div class="Company NavBar__SubMenu" data-menu="company"> <div class="Company__Wrapper"> <div class="MobileDropdownNav"> <button class="MobileDropdownNav__BackButton" type="button"> <svg width="6" height="9" viewBox="0 0 6 9" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M5.92383 7.75391L4.92773 8.75L0.677734 4.5L4.92773 0.25L5.92383 1.24609L2.66992 4.5L5.92383 7.75391Z" fill="#3C2B77"/> </svg> <span>Back</span> </button> <div class="MobileDropdownNav__Title">Company</div> </div> <div class="Company__Content"> <div class="Company__About"> <div class="Company__Links"> <h6>ABOUT ESENTIRE</h6> <p>eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.</p> <a href="/company/about-us"><h5>About Us <span class="Resources__LinksArrow"><em>→</em></span></h5></a> <a href="/company/leadership"><h5>Leadership <span class="Resources__LinksArrow"><em>→</em></span></h5></a> <a href="/company/careers"><h5>Careers <span class="Resources__LinksArrow"><em>→</em></span></h5></a> <a class="Company__Links--Mobile" href="/company/event-calendar"><h5>Event Calendar <span class="Resources__LinksArrow"><em>→</em></span></h5></a> <a class="Company__Links--Mobile" href="/company/newsroom"><h5>Newsroom <span class="Resources__LinksArrow"><em>→</em></span></h5></a> </div> </div> <div class="Company__Calendar"> <div class="Company__Links"> <h6>EVENT CALENDAR</h6> <div class="Company__Event"> <div class="Company__CalendarDate"> <div class="Company__Month">Nov</div> <div class="Company__Day">21</div> </div> <h5>SkyHigh Cook Out</h5> </div> <div class="Company__Event"> <div class="Company__CalendarDate"> <div class="Company__Month">Dec</div> <div class="Company__Day">04</div> </div> <h5>TechTalk Soho House Dinner, Chicago</h5> </div> <div class="Company__Event"> <div class="Company__CalendarDate"> <div class="Company__Month">Dec</div> <div class="Company__Day">10</div> </div> <h5>December TRU Intelligence Briefing</h5> </div> <div class="Company__Event"> <div class="Company__CalendarDate"> <div class="Company__Month">Jan</div> <div class="Company__Day">15</div> </div> <h5>Security Leaders Dinner, Denver</h5> </div> <div class="Company__Event"> <div class="Company__CalendarDate"> <div class="Company__Month">Jan</div> <div class="Company__Day">16</div> </div> <h5>FutureCon Los&nbsp;Angeles</h5> </div> </div> <div class="Company__BoxCTA"> <a href="/company/event-calendar"> View Calendar <span>→</span> </a> </div> </div> <div class="Company__PressRelease"> <div class="Company__Links"> <h6>LATEST PRESS RELEASE</h6> <a href="https://www.esentire.com/news-releases/esentire-expands-partnership-with-td-synnex-to-bring-esentires-award-winning-24-7-mdr-and-soc-services-to-organizations-across-north-america"> <span class="Resources__Eyebrow">Aug 09, 2024</span> <h5>eSentire Expands Partnership with TD SYNNEX to Bring eSentire’s Award-Winning, 24/7 MDR and SOC Services to Organizations Across North America</h5> <p> Waterloo, Ontario, August 12, 2024 — eSentire, a leading global Managed Detection and Response (MDR) provider, today announced it has expanded its partnership with TD SYNNEX, a leading global distributor and solutions aggregator for the IT ecosystem. eSentire’s all-in-one, 24/7…</p> </a> </div> <div class="Company__BoxCTA"> <a href="/company/newsroom"> View Newsroom <span>→</span> </a> </div> </div> </div> </div> </div>  <div class="Partners NavBar__SubMenu" data-menu="partners"> <div class="Partners__Wrapper"> <div class="MobileDropdownNav"> <button class="MobileDropdownNav__BackButton" type="button"> <svg width="6" height="9" viewBox="0 0 6 9" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M5.92383 7.75391L4.92773 8.75L0.677734 4.5L4.92773 0.25L5.92383 1.24609L2.66992 4.5L5.92383 7.75391Z" fill="#3C2B77"/> </svg> <span>Back</span> </button> <div class="MobileDropdownNav__Title">Partners</div> </div> <div class="Partners__Content"> <div class="Partners__PartnerProgram"> <div class="Partners__Links"> <h6>PARTNER PROGRAM</h6> <div class="Partners__E3Logo"> <svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" viewBox="0 0 119 81.99"><defs><style>.clsEcosystemICON-1{fill:#19234d;stroke-width:0}</style></defs><path d="M39.47 6.27C34.44-.18 25.91-.12 25.91-.12h-8.54S8.84-.18 3.81 6.27C.73 10.21.06 13.97.06 16.59v20.98c0 2.62.67 6.39 3.74 10.32 5.04 6.45 13.56 6.39 13.56 6.39H43.2V42.17H19.95s-3.4.02-5.41-2.55c-1.22-1.57-1.49-3.07-1.49-4.11v-2.45H43.2V16.59c0-2.62-.67-6.39-3.74-10.32M13.04 17.91c0-1.04.27-2.55 1.49-4.11 2-2.57 5.41-2.55 5.41-2.55h3.4s3.4-.02 5.41 2.55c1.22 1.57 1.49 3.07 1.49 4.11v3.2h-17.2v-3.2Z" class="clsEcosystemICON-1"/><path d="m75.52 49.25 7.45-10.32c1.97 1.69 3.87 2.95 5.67 3.77 1.8.82 3.75 1.23 5.84 1.23s4.02-.55 5.63-1.65 2.41-2.86 2.41-5.29c0-1.64-.64-3.14-1.91-4.53-1.27-1.38-3.06-2.07-5.37-2.07-1.3 0-2.47.13-3.51.38-1.04.26-1.76.5-2.16.72l-3.22-5.25 13.54-12.53H80.17V1.6h35.12v9.82l-10.32 11.17c3.72.96 6.64 2.82 8.76 5.58 2.12 2.76 3.18 6.23 3.18 10.41 0 2.82-.61 5.33-1.82 7.53s-2.85 4.05-4.91 5.54-4.35 2.64-6.85 3.43a25.41 25.41 0 0 1-7.66 1.19c-4.01 0-7.74-.61-11.21-1.82-3.47-1.21-6.45-2.95-8.93-5.2Z" style="fill:#40c3d9;stroke-width:0"/><path d="M59.98 0h.76v54.89h-.76z" style="fill:#9ea1aa;stroke-width:0"/><path d="m7.59 76.12.62.53c-.39.48-.92.86-1.59 1.15s-1.35.43-2.05.43c-.88 0-1.67-.2-2.36-.59S.97 76.69.59 75.98s-.58-1.53-.58-2.45c0-.87.18-1.66.55-2.37s.87-1.28 1.52-1.7c.66-.42 1.4-.63 2.25-.63s1.55.19 2.2.56c.65.38 1.15.93 1.52 1.66.37.73.55 1.64.55 2.71H.97c.03.67.19 1.29.5 1.84.3.55.72.99 1.25 1.32s1.15.5 1.85.5c.56 0 1.12-.12 1.7-.35.58-.23 1.01-.55 1.31-.93Zm-6.6-3.13h6.65c-.12-1.09-.47-1.92-1.06-2.5-.59-.58-1.35-.87-2.26-.87-.64 0-1.2.15-1.68.46-.48.3-.87.71-1.15 1.22-.29.51-.45 1.07-.49 1.69ZM21.68 76.12l.62.55c-.36.45-.85.83-1.47 1.12-.62.29-1.31.44-2.07.44-.87 0-1.64-.21-2.31-.62s-1.2-.98-1.59-1.69c-.39-.71-.58-1.51-.58-2.39s.2-1.69.59-2.4c.4-.71.93-1.27 1.61-1.68.68-.42 1.44-.62 2.28-.62.79 0 1.46.14 2.01.42.55.28 1.02.66 1.41 1.15l-.66.51c-.3-.39-.67-.7-1.12-.92s-.99-.34-1.64-.34c-.69 0-1.3.18-1.84.53s-.96.82-1.26 1.41c-.3.59-.46 1.24-.46 1.95s.16 1.35.47 1.94.74 1.06 1.27 1.42c.54.36 1.14.53 1.82.53s1.22-.12 1.72-.35c.5-.23.9-.55 1.2-.93ZM31.81 78.22c-.84 0-1.61-.21-2.31-.63a4.693 4.693 0 0 1-2.29-4.07c0-.87.21-1.66.62-2.37.42-.71.97-1.28 1.67-1.7s1.47-.63 2.31-.63 1.63.21 2.32.63c.69.42 1.25.99 1.66 1.7s.62 1.5.62 2.37-.21 1.66-.62 2.37c-.42.71-.97 1.28-1.66 1.7s-1.47.63-2.32.63Zm0-.8c.7 0 1.33-.18 1.89-.53.56-.35 1-.82 1.32-1.42s.48-1.25.48-1.96-.16-1.35-.5-1.93c-.33-.59-.77-1.07-1.33-1.43s-1.18-.55-1.87-.55-1.33.18-1.89.53c-.56.35-1 .82-1.32 1.41-.32.59-.48 1.25-.48 1.97s.16 1.35.5 1.94.78 1.07 1.34 1.43c.56.36 1.18.55 1.86.55ZM41.99 76.86l.56-.62c.38.38.81.66 1.29.87s1.06.3 1.72.3c.48 0 .92-.06 1.33-.18s.74-.31.98-.55c.25-.25.37-.56.37-.93 0-.44-.11-.77-.34-1-.23-.22-.57-.41-1.02-.55-.45-.14-1.01-.28-1.67-.44a8.86 8.86 0 0 1-1.45-.46c-.42-.18-.75-.42-1-.75-.25-.32-.37-.76-.37-1.3s.16-1 .47-1.36c.31-.36.72-.63 1.22-.81s1.03-.26 1.6-.26c.69 0 1.3.13 1.85.39s.98.59 1.32.99l-.6.55c-.31-.34-.67-.61-1.08-.82s-.9-.31-1.47-.31c-.38 0-.75.04-1.12.13-.37.08-.68.25-.92.49-.25.24-.37.59-.37 1.06 0 .38.14.67.41.9s.62.4 1.05.53.87.25 1.32.35c.49.1.98.24 1.46.42s.88.43 1.2.76c.32.33.48.79.48 1.39s-.18 1.09-.53 1.48c-.35.39-.8.67-1.34.85-.55.18-1.11.27-1.69.27-.83 0-1.54-.12-2.14-.37s-1.1-.58-1.52-.99ZM54.2 81.5l.45-.62c.12.12.28.22.48.31.21.09.43.14.68.14.39 0 .69-.14.9-.41s.42-.66.61-1.17l.74-1.89-3.99-8.82h.99l3.44 7.76 2.97-7.76h.95L58.03 80.1c-.1.26-.24.55-.42.85-.18.31-.41.58-.7.81-.29.22-.66.34-1.12.34-.36 0-.67-.06-.93-.18s-.49-.26-.68-.43ZM67.15 76.86l.56-.62c.38.38.81.66 1.29.87s1.06.3 1.72.3c.48 0 .92-.06 1.33-.18.41-.12.74-.31.98-.55.25-.25.37-.56.37-.93 0-.44-.11-.77-.34-1-.23-.22-.57-.41-1.02-.55s-1.01-.28-1.67-.44a8.86 8.86 0 0 1-1.45-.46c-.42-.18-.75-.42-1-.75s-.37-.76-.37-1.3.16-1 .47-1.36c.31-.36.72-.63 1.22-.81s1.03-.26 1.6-.26c.69 0 1.3.13 1.85.39s.98.59 1.32.99l-.6.55c-.31-.34-.67-.61-1.08-.82-.41-.21-.9-.31-1.47-.31-.38 0-.75.04-1.12.13s-.68.25-.92.49c-.25.24-.37.59-.37 1.06 0 .38.14.67.41.9s.62.4 1.05.53.87.25 1.32.35c.49.1.98.24 1.46.42s.88.43 1.2.76c.32.33.48.79.48 1.39s-.18 1.09-.53 1.48c-.35.39-.8.67-1.34.85-.55.18-1.11.27-1.69.27-.83 0-1.54-.12-2.14-.37s-1.1-.58-1.52-.99ZM81.36 75.24v-5.39h-1.79v-.82h1.79v-2.95h.87v2.95h2.95v.82h-2.95v5.17c0 .7.07 1.22.21 1.57s.34.57.57.67c.24.1.51.16.83.16s.6-.06.83-.18c.23-.12.47-.32.7-.6l.55.53c-.26.34-.55.59-.88.78s-.76.27-1.29.27c-.47 0-.88-.08-1.24-.25s-.64-.47-.85-.9c-.2-.43-.3-1.04-.3-1.83ZM98 76.12l.62.53c-.39.48-.92.86-1.59 1.15s-1.35.43-2.05.43c-.88 0-1.67-.2-2.36-.59s-1.24-.95-1.62-1.66-.58-1.53-.58-2.45c0-.87.18-1.66.55-2.37.36-.71.87-1.28 1.52-1.7.66-.42 1.4-.63 2.25-.63s1.55.19 2.2.56 1.16.93 1.52 1.66.55 1.64.55 2.71h-7.62c.03.67.19 1.29.5 1.84.3.55.72.99 1.25 1.32s1.15.5 1.85.5c.56 0 1.12-.12 1.7-.35.58-.23 1.01-.55 1.31-.93Zm-6.59-3.13h6.65c-.12-1.09-.47-1.92-1.06-2.5-.59-.58-1.35-.87-2.26-.87-.64 0-1.2.15-1.68.46-.48.3-.87.71-1.15 1.22-.29.51-.45 1.07-.49 1.69ZM105.17 77.98v-8.16c0-.23-.01-.49-.04-.78h.82c.03.29.04.54.05.77s.01.59.01 1.1c.14-.27.35-.57.63-.9s.64-.61 1.1-.85 1-.36 1.65-.36c.87 0 1.53.18 1.98.55s.77.88.95 1.54c.13-.24.35-.53.66-.85s.71-.61 1.19-.87c.48-.25 1.04-.38 1.67-.38.8 0 1.43.16 1.89.48s.79.77.97 1.36c.19.59.28 1.29.28 2.09v5.25h-.87v-4.96c0-.9-.1-1.59-.28-2.08-.19-.49-.46-.83-.81-1.03s-.79-.29-1.3-.29c-.58 0-1.12.15-1.6.46s-.87.7-1.17 1.19-.44 1.01-.44 1.57v5.15h-.88v-4.96c0-.9-.09-1.59-.27-2.08s-.45-.83-.8-1.03-.79-.29-1.3-.29c-.71 0-1.31.19-1.79.58s-.84.87-1.08 1.45c-.24.58-.36 1.15-.36 1.72v4.61h-.88Z" class="clsEcosystemICON-1"/></svg> <div class="Partners__E3LogoInner"> <p>We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.</p> <div class="Partners__BoxCTA"> <a href="/partners"> LEARN MORE <span>→</span> </a> </div> </div> </div> </div> </div> <div class="Partners__Box"> <div class="Partners__BoxInner"> <div class="Partners__BoxLeft"> <div class="Partners__Links"> <a href="/partners/become-a-partner"> <p>Apply to become an e3 ecosystem partner with eSentire today.</p> </a> </div> </div> <div class="Partners__BoxRight"> <a href="/partners/become-a-partner">APPLY NOW <span>→</span></a> </div> </div> <div class="Partners__BoxInner"> <div class="Partners__BoxLeft"> <div class="Partners__Links"> <a href="https://esentire.channeltivity.com/Login" target="_blank"> <p>Login to the Partner Portal for resources and content for current partners.</p> </a> </div> </div> <div class="Partners__BoxRight"> <a href="https://esentire.channeltivity.com/Login" target="_blank">LOGIN NOW <span>→</span></a> </div> </div> </div> </div> </div> </div>  <div class="Search NavBar__SubMenu" data-menu="search"> <div class="Search__Wrapper"> <div class="MobileDropdownNav"> <button class="MobileDropdownNav__BackButton" type="button"> <svg width="6" height="9" viewBox="0 0 6 9" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M5.92383 7.75391L4.92773 8.75L0.677734 4.5L4.92773 0.25L5.92383 1.24609L2.66992 4.5L5.92383 7.75391Z" fill="#3C2B77"/> </svg> <span>Back</span> </button> <div class="MobileDropdownNav__Title">Search</div> </div> <div class="Search__Content"> <h3>Search our site</h3> <form action="/search/results" class="filter"> <div class="Search__TopField"> <svg xmlns="http://www.w3.org/2000/svg" width="24.417" height="24.416"><g data-name="Group 92" fill="none" stroke="#000" stroke-linecap="round" stroke-linejoin="round" stroke-width="2"><path data-name="Path 4" d="M19.7 10.351a9.352 9.352 0 1 0-9.349 9.349 9.353 9.353 0 0 0 9.349-9.349Z"/><path data-name="Line 1" d="m17.723 17.722 5.28 5.28"/></g></svg> <input id="searchField" type="search" name="q" placeholder="Enter a keyword" class="Search__SearchField" autofocus> <input type="submit" value="Search" class="Search__SubmitButton"> </div> </form> <h4>Quick Links</h4> <div class="Search__QuickLinks"> <a class="Search__QuickLink" href="/what-we-do/esentire-managed-detection-and-response"> <h5>ALL-IN-ONE MDR SERVICE <span>→</span></h5> <p>Multi-Signal MDR with 300+ technology integrations to support your existing investments.</p> </a> <a class="Search__QuickLink" href="/what-we-do/security-operations-center"> <h5>24/7 SOC SUPPORT <span>→</span></h5> <p>24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.</p> </a> <a class="Search__QuickLink" href="/how-we-do-it/mdr-pricing-packaging"> <h5>ESENTIRE MDR PRICING <span>→</span></h5> <p>Three MDR package tiers are available based on per-user pricing and level of risk tolerance.</p> </a> <a class="Search__QuickLink" href="/resources/tru-intelligence-center"> <h5>TRU INTELLIGENCE CENTER <span>→</span></h5> <p>The latest security advisories, blogs, reports, industry publications and webinars published by TRU.</p> </a> <a class="Search__QuickLink" href="/esentire-mdr-vs-everyone/compare"> <h5>MDR VENDOR COMPARISONS <span>→</span></h5> <p>Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.</p> </a> <a class="Search__QuickLink" href="/resources/mdr-and-cybersecurity-case-studies"> <h5>MDR CASE STUDIES <span>→</span></h5> <p>See why 2000+ organizations globally have chosen eSentire for their MDR Solution.</p> </a> </div> </div> </div> </div>  <div class="GetStartedNav NavBar__SubMenu" data-menu="getStarted"> <div class="GetStartedNav__Wrapper"> <div class="MobileDropdownNav"> <button class="MobileDropdownNav__BackButton" type="button"> <svg width="6" height="9" viewBox="0 0 6 9" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M5.92383 7.75391L4.92773 8.75L0.677734 4.5L4.92773 0.25L5.92383 1.24609L2.66992 4.5L5.92383 7.75391Z" fill="#3C2B77"/> </svg> <span>Back</span> </button> <div class="MobileDropdownNav__Title">Get Started</div> </div> <div class="GetStartedNav__Content"> <div class="GetStartedNav__Links"> <a href="/get-started"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 51 51"><path d="M5 0h46v51H5c-2.76 0-5-2.24-5-5V5c0-2.76 2.24-5 5-5Z" style="fill:#263c91;stroke-width:0"/><path d="M33.11 16.61a7.879 7.879 0 0 0-5.79-2.73h-3.65a7.879 7.879 0 0 0-5.79 2.73 7.08 7.08 0 0 0-1.6 4.41v8.96c.02 1.61.58 3.16 1.6 4.41a7.879 7.879 0 0 0 5.79 2.73H34.7v-5.17h-9.92c-.89-.02-1.73-.42-2.31-1.09a2.81 2.81 0 0 1-.64-1.75v-1.05h12.86v-7.03a7.102 7.102 0 0 0-1.6-4.41m-11.26 4.97c0-.64.23-1.26.64-1.76.58-.67 1.42-1.07 2.31-1.09h1.45c.89.02 1.72.41 2.3 1.09.41.5.63 1.12.64 1.76v1.36h-7.34v-1.36Z" style="fill:none;stroke:#fff;stroke-linecap:round;stroke-linejoin:round"/></svg> <h5>Get Started <span class="GetStartedNav__LinksArrow"><em>→</em></span></h5> </a> <a href="/build-a-quote"> <svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" viewBox="0 0 51 51"><defs><style>.clsNavBAQ-1{fill:#fff;stroke-width:0}</style></defs><g id="Group_2081"><path id="Rectangle_3064" d="M5 0h46v51H5c-2.76 0-5-2.24-5-5V5c0-2.76 2.24-5 5-5Z" style="fill:#696de3;stroke-width:0"/><g id="Group_2077"><path id="Path_1056" d="M19.7 22.53a1.14 1.14 0 1 1 1.14-1.14c0 .63-.51 1.14-1.14 1.14m-.04-1.14s.02.04.03.04l-.04-.04Z" class="clsNavBAQ-1"/><path id="Path_1057" d="M19.7 26.93a1.14 1.14 0 1 1 1.14-1.14c0 .63-.51 1.14-1.14 1.14m-.04-1.14s.02.04.03.04l-.04-.04Z" class="clsNavBAQ-1"/><path id="Path_1058" d="M26.29 39.01H15.88c-.32 0-.59-.26-.59-.59V14.8c0-.32.26-.59.58-.59h4.56a.591.591 0 0 1 0 1.18h-3.98v22.46h9.83a.591.591 0 0 1 0 1.18" class="clsNavBAQ-1"/><path id="Path_1059" d="M34.56 29.68c-.32 0-.59-.26-.59-.59v-13.7H30a.591.591 0 0 1 0-1.18h4.56c.32 0 .59.26.59.59v14.29c0 .32-.26.59-.59.59" class="clsNavBAQ-1"/><path id="Path_1060" d="M27.86 17.04h-5.28c-1.26.03-2.31-.97-2.35-2.24v-1.65a.591.591 0 0 1 1.18 0v1.65c.03.62.56 1.09 1.17 1.06h5.27c.62.03 1.15-.44 1.18-1.06v-1.65a.591.591 0 0 1 1.18 0v1.65a2.306 2.306 0 0 1-2.35 2.24" class="clsNavBAQ-1"/><path id="Path_1061" d="M29.59 13.74h-8.77a.591.591 0 0 1 0-1.18h8.77a.591.591 0 0 1 0 1.18" class="clsNavBAQ-1"/><path id="Path_1062" d="M31.27 21.99h-7.72a.591.591 0 0 1 0-1.18h7.72a.591.591 0 0 1 0 1.18" class="clsNavBAQ-1"/><path id="Path_1063" d="M31.27 26.38h-7.72a.591.591 0 0 1 0-1.18h7.72a.591.591 0 0 1 0 1.18" class="clsNavBAQ-1"/><path id="Path_1064" d="M19.7 31.32a1.14 1.14 0 1 1 1.14-1.14c0 .63-.51 1.14-1.14 1.14m-.04-1.13s.02.04.03.04l-.04-.04Z" class="clsNavBAQ-1"/><path id="Path_1065" d="M31.27 30.77h-7.72a.591.591 0 0 1 0-1.18h7.72a.591.591 0 0 1 0 1.18" class="clsNavBAQ-1"/><path id="Path_1066" d="M31.41 39.02c-.15 0-.29-.06-.4-.16l-3.44-3.23a.595.595 0 0 1 .02-.83c.22-.2.55-.21.78-.03l2.93 2.75 3.87-6c.18-.27.54-.35.81-.17.27.18.35.54.17.81l-4.25 6.59c-.09.15-.25.24-.42.26h-.07" class="clsNavBAQ-1"/></g></g></svg> <h5>Build A Quote <span class="GetStartedNav__LinksArrow"><em>→</em></span></h5> </a> <a href="/partners/become-a-partner"> <svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" viewBox="0 0 51 51"><defs><style>.clsBecomePartner-2{stroke-width:0;fill:#fff}</style></defs><g id="Group_2082"><path id="Path_6059" d="M5 0h46v51H5c-2.76 0-5-2.24-5-5V5c0-2.76 2.24-5 5-5Z" style="stroke-width:0;fill:#40c3d9"/><g id="Group_2079"><path id="Path_1068" d="M33.34 34.79c-1.12-.1-2.12-.75-2.67-1.73l-3.12-4.12a.633.633 0 0 1 .12-.88c.27-.21.66-.16.87.12l3.16 4.18c.07.12.97 1.57 2.14 1.06.5-.22.81-.73.76-1.28-.03-.42-.17-.82-.41-1.16l-6.78-9.69c-.73.55-1.52 1.03-2.35 1.42-2.03.97-3.61 1.12-4.68.44-.75-.5-1.18-1.36-1.14-2.26 0-.69.56-1.07 1.41-1.65a19.46 19.46 0 0 0 3.03-2.47c.45-.45.83-.84 1.15-1.18 1.39-1.43 1.91-1.97 3.21-1.97h1.51c1.67-.14 3.34.35 4.66 1.39l.26.18c2.35 1.57 3.14 2.14 3.14 2.14.16.12.26.31.26.51v11.77c0 .35-.28.63-.62.63h-2.07l.02.04c.4.55.62 1.21.65 1.89.05 1.05-.55 2.01-1.52 2.43-.31.14-.66.22-1 .22m.99-5.85h2.32V18.15c-.39-.27-1.25-.87-2.84-1.93l-.26-.18a5.42 5.42 0 0 0-3.97-1.17h-1.51c-.75 0-.99.23-2.31 1.59-.33.34-.71.73-1.17 1.19-.98.98-2.06 1.85-3.21 2.62-.32.19-.61.42-.88.68 0 .45.21.88.57 1.14.38.24 1.34.5 3.47-.51.94-.44 1.81-1 2.6-1.66a.624.624 0 0 1 .93.1l6.25 8.94Z" class="clsBecomePartner-2"/><path id="Path_1069" d="M29.79 36.38c-.15 0-.31-.02-.46-.05-.74-.19-1.38-.65-1.81-1.28l-3.57-5.1a.625.625 0 0 1 1.02-.72l3.58 5.12c.35.68 1.19.94 1.86.58.03-.01.05-.03.08-.04.53-.35.52-.86.45-1.4v-.13c-.04-.34.21-.65.55-.68.34-.04.65.21.68.55v.01l-.62.06.64.04c.21.99-.18 2.01-1.01 2.59-.41.28-.9.44-1.4.45" class="clsBecomePartner-2"/><path id="Path_1070" d="M25.76 36.87c-.66.01-1.3-.25-1.76-.73l-3.62-5.17a.625.625 0 0 1 1.02-.72l3.58 5.11c.48.35 1.13.36 1.62.02.35-.19.58-.54.63-.93.08-.34.42-.54.76-.46.34.08.54.42.46.76v.02c-.14.74-.61 1.38-1.29 1.73-.44.22-.92.35-1.41.35" class="clsBecomePartner-2"/><path id="Path_1071" d="M21.81 37.38c-.78-.01-1.51-.41-1.93-1.06l-2.95-4.2c-.39-.65-1.41-1.9-2.17-1.9h-1.02c-.35 0-.63-.28-.62-.63V17.83c0-.35.28-.63.62-.63h3.07c.69-.04 1.37-.2 2-.49 1.8-.74 3.73-1.09 5.67-1.04.35-.01.64.26.65.6s-.26.64-.6.65h-.05c-1.79-.05-3.57.28-5.22.96-.77.35-1.6.55-2.45.58h-2.44v10.51h.4c1.67 0 3.06 2.22 3.21 2.47l2.95 4.19c.34.53 1.05.68 1.58.34a.55.55 0 0 0 .09-.07c.34-.16.6-.43.75-.77a.622.622 0 1 1 1.18.4c-.24.64-.71 1.16-1.32 1.47-.42.25-.9.39-1.39.4" class="clsBecomePartner-2"/></g></g></svg> <h5>Become A Partner <span class="GetStartedNav__LinksArrow"><em>→</em></span></h5> </a> </div> </div> </div> </div> <script> let buttonSubtles = document.querySelectorAll('.NavBar__ButtonSubtleTrigger'); let subMenus = document.querySelectorAll('.NavBar__SubMenu'); let mobileHamburgers = document.querySelectorAll('.NavBar__MobileNavicon'); let mobileHamburgerBacks = document.querySelectorAll('.MobileDropdownNav__BackButton'); function closeNavigation() { subMenus.forEach(subMenu => { subMenu.classList.remove('active'); }); buttonSubtles.forEach(buttonSubtleparent => { buttonSubtleparent.parentNode.classList.remove("active"); }); } buttonSubtles.forEach(buttonSubtle => { buttonSubtle.addEventListener('click', (e) => { e.preventDefault(); const id = buttonSubtle.getAttribute('data-nav'); if(document.querySelector(`.NavBar__SubMenu[data-menu="${id}"]`).classList.contains('active')) { document.querySelector(`.NavBar__SubMenu[data-menu="${id}"]`).classList.remove('active'); buttonSubtle.parentNode.classList.remove("active"); } else { closeNavigation(); document.querySelector(`.NavBar__SubMenu[data-menu="${id}"]`).classList.add('active'); buttonSubtle.parentNode.classList.add("active"); } }); }); mobileHamburgers.forEach(mobileHamburger => { mobileHamburger.addEventListener('click', (e) => { e.preventDefault(); if(document.getElementsByClassName("NavBar__MobileDropdown")[0].classList.contains("NavBar__MobileDropdown--Visible")) { subMenus.forEach(subMenu => { subMenu.classList.remove('active'); }); } mobileHamburger.parentNode.classList.toggle("NavBar__MobileNavicon--Close"); document.getElementsByClassName("NavBar__MobileDropdown")[0].classList.toggle("NavBar__MobileDropdown--Visible"); }); }); mobileHamburgerBacks.forEach(mobileHamburgerBack => { mobileHamburgerBack.addEventListener('click', (e) => { e.preventDefault(); closeNavigation(); }); }); let navigation = document.getElementsByClassName("NavBar")[0]; // Event listener for clicking outside the navigation document.addEventListener('click', (event) => { if (!navigation.contains(event.target)) { if(!event.target.matches('.Search__SearchField')) { if(!event.target.matches('.Search__TopField svg')) { closeNavigation(); } } } }); </script>  <div class="BlogHeading"> <div class="BlogHeading__Content"> <h5 class="BlogHeading__Breadcrumb">Blog </h5> <h1 class="BlogHeading__Title smallerMobileHeading">Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2 <br> </h1> <div class="BlogHeading__Credits"> <div class="BlogHeading__Author"> <p>BY <strong>eSentire Threat Response Unit (TRU)</strong></p> </div> <div class="BlogHeading__ReadDateTime"><p>November 14, 2024 | <strong>13 MINS READ</strong></p></div> </div> <div class="BlogHeading__TagsShare"> <div class="BlogHeading__BlogType"> </div> <div class="BlogHeading__SocialShare"> <a href="https://twitter.com/intent/tweet?url=https://www.esentire.com/blog/bored-beavertail-invisibleferret-yacht-club-a-lazarus-lure-pt-2?fbclid=IwZXh0bgNhZW0CMTEAAR3BJ3fh7BcW5HMz-SLfQAA9yYot29HIdmV9nObEFkSQ4ix69RjVBczTGn8_aem_5Uy5cUxUhJBH8fQf_fli0Q" target="_blank"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 146.77 150"><path d="M87.35 63.51 141.99 0h-12.95L81.6 55.15 43.71 0H0l57.3 83.4L0 150h12.95l50.1-58.24L103.07 150h43.71L87.35 63.51ZM69.61 84.12l-5.81-8.3L17.61 9.75H37.5l37.28 53.33 5.81 8.3 48.46 69.32h-19.89L69.62 84.14Z" style="fill:#fff;stroke-width:0"/></svg></a> <a href="https://linkedin.com/shareArticle?url=https://www.esentire.com/blog/bored-beavertail-invisibleferret-yacht-club-a-lazarus-lure-pt-2?fbclid=IwZXh0bgNhZW0CMTEAAR3BJ3fh7BcW5HMz-SLfQAA9yYot29HIdmV9nObEFkSQ4ix69RjVBczTGn8_aem_5Uy5cUxUhJBH8fQf_fli0Q/&title=Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2" target="_blank"><svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" x="0" y="0" viewBox="0 0 32.9 28" xml:space="preserve"><style>.linkedin-share-icon{fill:#fff}</style><path class="linkedin-share-icon" d="M31.3 22.6c.4 0 .5-.2.5-.5 0-.4-.2-.6-.7-.6h-.7v2h.3v-.8h.3l.5.8h.3l-.5-.9zm-.3-.2h-.3v-.7h.4c.2 0 .4 0 .4.3 0 .4-.2.4-.5.4z"/><path class="linkedin-share-icon" d="M31 20.6c-1.1 0-1.8.8-1.8 1.8 0 1.1.8 1.8 1.8 1.8 1.1 0 1.8-.8 1.8-1.8.1-.9-.7-1.8-1.8-1.8zm0 3.5c-.9 0-1.6-.7-1.6-1.6 0-.9.7-1.6 1.6-1.6s1.6.7 1.6 1.6-.7 1.6-1.6 1.6z"/><g><path d="M25.9 0H2.1C.9 0 0 .9 0 2v24c0 1.1.9 2 2.1 2h23.8c1.1 0 2.1-.9 2.1-2V2c0-1.1-.9-2-2.1-2z" fill="#0278b6"/><path class="linkedin-share-icon" d="M4.2 10.5h4.2v13.3H4.2V10.5zm2-6.6c1.3 0 2.4 1.1 2.4 2.4S7.5 8.7 6.2 8.7 3.8 7.6 3.8 6.3c0-1.4 1.1-2.4 2.4-2.4M10.9 10.5h4v1.8c.6-1.1 1.9-2.1 3.9-2.1 4.2 0 5 2.8 5 6.3v7.3h-4.2v-6.5c0-1.5 0-3.5-2.1-3.5S15 15.5 15 17.2v6.6h-4.2c.1 0 .1-13.3.1-13.3z"/></g></svg></a> </div> </div> </div> </div> <div class="Page__ProgressContainer hidden"> <div class="Page__ProgressContainer-bar" id="ProgressBar"></div> </div> <style> .Page__ProgressContainer { width: 100%; height: 4px; background: #ccc; z-index: 1000; top: 114px; } .Page__ProgressContainer--Scrolled { position: fixed; } @media (max-width: 1064px) { .Page__ProgressContainer { top: 116px; } } @media (max-width: 768px) { .Page__ProgressContainer { top: 54px; } } .Page__ProgressContainer.hidden { display: none; } .Page__ProgressContainer-bar { height: 4px; background: #40c3d9; width: 0%; } </style> <script> // When the user scrolls the page, execute myFunction window.onscroll = function() {ScrollCatchFunction()}; function ScrollCatchFunction() { var winScroll = document.body.scrollTop || document.documentElement.scrollTop; var height = document.documentElement.scrollHeight - document.documentElement.clientHeight - document.getElementsByClassName('Footer')[0].clientHeight; var scrolled = (winScroll / height) * 100; if (scrolled > 1) { document.getElementsByClassName("Page__ProgressContainer")[0].classList.remove("hidden"); } else { document.getElementsByClassName("Page__ProgressContainer")[0].classList.add("hidden"); } document.getElementById("ProgressBar").style.width = scrolled + "%"; var TopOffset = document.getElementsByClassName('BlogBody')[0].offsetTop; if (screen.width <= 768) { if(TopOffset <= winScroll+55) { document.getElementsByClassName("Page__ProgressContainer")[0].classList.add("Page__ProgressContainer--Scrolled"); } else { document.getElementsByClassName("Page__ProgressContainer")[0].classList.remove("Page__ProgressContainer--Scrolled"); } } else { if(TopOffset <= winScroll+114) { document.getElementsByClassName("Page__ProgressContainer")[0].classList.add("Page__ProgressContainer--Scrolled"); } else { document.getElementsByClassName("Page__ProgressContainer")[0].classList.remove("Page__ProgressContainer--Scrolled"); } } } </script>    <div class="BlogBody BlogBody-MainBody"> <div class="BlogBody__ContentLeft"> <div class="BlogBody__LearnMoreBox"> <h3>Want to learn more on how to achieve Cyber Resilience?</h3> <a href="/get-started">TALK TO AN EXPERT</a> </div> </div> <div class="BlogBody__Content"> <p> Adversaries don’t work 9-5 and neither do we. At eSentire, our <a href="/what-we-do/security-operations-center">24/7 SOCs</a> are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes. </p> <p> We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware. </p> <p> Our Security Operations Centers are supported with Threat Intelligence, Tactical Threat Response and Advanced Threat Analytics driven by our Threat Response Unit – the TRU team. </p> <p> In TRU Positives, eSentire’s Threat Response Unit (TRU) provides a summary of a recent threat investigation. We outline how we responded to the confirmed threat and what recommendations we have going forward. </p> <p> <strong>Here’s the latest from our TRU Team…</strong> </p> <h2> What did we find? </h2> <p> In October 2024, the <a href="https://www.esentire.com/what-we-do/threat-response-unit">eSentire Threat Response Unit (TRU)</a> responded to an incident where a software developer downloaded a JavaScript project that contained BeaverTail malware. Upon installing the project through the Node Package Manager (NPM) command, it executed malicious JavaScript files and subsequently deployed the InvisibleFerret malware to the host. The InvisibleFerret malware was executed through a Python command, which fingerprinted the host's information and stole the browser's credentials. </p> <p> In response, our team of <a href="https://www.esentire.com/what-we-do/security-operations-center">24/7 SOC Cyber Analysts</a> responded by isolating the impacted host and alerting the customer with the relevant details. </p> <p> Upon further investigation by eSentire’s TRU team, it was determined that the observed Tactics, Techniques, and Procedures (TTPs) were consistent with those reported to be used by <a href="https://www.esentire.com/blog/bored-beavertail-yacht-club-a-lazarus-lure">North Korea threat actors,</a> also tracked as Contagious Interview. </p> <h2> Initial Access </h2> <p> A ZIP file named 'task-space-eshop-aeea6cc51a7c.zip' was found in the user's download directory. eSentire Threat Intelligence team assesses the chances as probable that the victim downloaded the zip from a BitBucket project named “eshop” (Figure 1). </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-1.png" alt="Figure 1 eshop project hosted on Bitbucket."> <figcaption> Figure 1 eshop project hosted on Bitbucket. </figcaption> </figure> <p> The malicious “eshop” repository was committed by the user “francesco zaid” (Figure 2). </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-2.png" alt="Figure 2 Author “francesco zaid” (screenshot taken October 24th, 2024)."> <figcaption> Figure 2 Author “francesco zaid” (screenshot taken October 24th, 2024). </figcaption> </figure> <p> The commits to eshop occurred roughly five days after a job posting for a freelancer was published on a freelance job board. The job was posted by a user named “francesco zaid” on the “www.freelancermap[.]com” (Figure 3). </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-3.png" alt="Figure 3 Possible Fake Job posting associated with the Contagious Interview Campaign."> <figcaption> Figure 3 Possible Fake Job posting associated with the Contagious Interview Campaign. </figcaption> </figure> <p> It should be noted that the eSentire Threat Intelligence team reviewed the job posting and was unable to find a direct link to the eshop repository from the posting; however, given the contact person’s name being the same name used to upload content to the repository, it is a notable finding and is consistent with the Contagious Interview campaign Tactics, Techniques and Procedures (TTPs) of luring software developers with fraudulent jobs. </p> <p> The victim in the incident eSentire responded to appears to be a software developer, which aligns with the TTPs of previously reported on campaigns by North Korean threat actors where software developers were targeted. </p> <h2> Execution Chain </h2> <p> The ZIP file downloaded by the victim contained a malicious NPM package that once installed by the victim, executed “server.js” file that is defined in the “package.json” and subsequently, loads a malicious JavaScript file (error.js) (Figure 4). </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-4.png" alt="Figure 4 “server.js” file was defined to be executed in the “package.json” file"> <figcaption> Figure 4 “server.js” file was defined to be executed in the “package.json” file </figcaption> </figure> <p> The “server.js” file is used as an entry point to load the file located in “backend/middlewares/helpers/error.js”, which facilitates further malicious activities on the victim machine such as: steal saved login credentials in the browsers; collect system information; enumerates crypto wallet extensions in the targeted browsers; and, steal configuration data from crypto wallets like Exodus and Solana. This JavaScript file (error.js) is highly obfuscated and after analysis it was determined to be a component for the Beavertail malware (Figure 5). </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-5.png" alt="Figure 5 Screenshot of ‘error.js’ found on the BitBucket Repository that is a component of BeaverTail."> <figcaption> Figure 5 Screenshot of ‘error.js’ found on the BitBucket Repository that is a component of BeaverTail. </figcaption> </figure> <p> After the JavaScript file is loaded, it uses a cURL command to download InvisibleFerret malware components from a command and control (C2) server; in this case the C2 was located at 185[.]235[.]241[.]208[:]1224. BeaverTail then downloads the initial Python script of InvisibleFerret. It is saved on the victim machine as “.sysinfo” file in the victim’s home directory (Figure 6). </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-6.png" alt="Figure 6 Initial BeaverTail Python Script that Fetches InvisibleFerret."> <figcaption> Figure 6 Initial BeaverTail Python Script that Fetches InvisibleFerret. </figcaption> </figure> <p> Once the file “.sysinfo” is downloaded onto the machine, InvisibleFerret’s loader file “.sysinfo” is then executed with the command “C:\Users\{username}\.pyp\python.exe" "C:\Users\{username}/.sysinfo”. It’s worth noting that this observation is different from what was reported by <a href="https://unit42.paloaltonetworks.com/two-campaigns-by-north-korea-bad-actors-target-job-hunters/">Unit 42</a> where the initial Python script was named “.npl”. </p> <p> It’s also worth noting that a total of 21 crypto extensions were targeted by the BeaverTail in our observed sample; the full list can be found in the Appendix at the end of the blog (Figure 7). </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-7.png" alt="Figure 7 Crypto Wallet Browser Extensions Targeted by BeaverTail."> <figcaption> Figure 7 Crypto Wallet Browser Extensions Targeted by BeaverTail. </figcaption> </figure> <h2> Analysis of InvisibleFerret Python Files </h2> <p> The eSentire Threat Intelligence team conducted analysis of four Python files that were dropped in the incident; one loader (.sysinfo in this instance) and three payloads stored under “<strong>\.n2</strong>” folder in the user’s home directory (Figure 8). </p> <p> Table 1: Observed Invisible Ferret Python File Locations </p> <table class="table-bordered table-bordered-top"> <tbody> <tr> <td> <p>Request URL</p> </td> <td> <p>Note</p> </td> <td> <p>Destination File Path (Windows)</p> </td> </tr> <tr> <td> <p> hxxp[://]185[.]235[.]241[.]208:1224/client/99/29 </p> </td> <td> <p> HTTP request for InvisibleFerret Python Loader (client) </p> </td> <td> <p> %USERPROFILE%\.sysinfo </p> </td> </tr> <tr> <td> <p> hxxp[://]185[.]235[.]241[.]208:1224/payload/99/29 </p> </td> <td> <p> HTTP GET request for InvisibleFerret Component (Fingerprint, Remote Control, and Information Stealer Component) </p> </td> <td> <p> %USERPROFILE%\.n2\pay </p> </td> </tr> <tr> <td> <p> hxxp[://]185[.]235[.]241[.]208:1224/brow/99/29 </p> </td> <td> <p> HTTP GET request for InvisibleFerret Component (Browser Stealer Component) </p> </td> <td> <p> %USERPROFILE%\.n2\bow </p> </td> </tr> <tr> <td> <p> hxxp[://]185[.]235[.]241[.]208:1224/mclip/99/29 </p> </td> <td> <p> HTTP GET request for InvisibleFerret Component (Clipboard Stealer Component) </p> </td> <td> <p> %USERPROFILE%\.n2\mlip </p> </td> </tr> </tbody> </table> <p> <strong>Loader Component Overview</strong> </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-8.png" alt="Figure 8 Python Loader (.sysinfo) Parameters (commented line was included)."> <figcaption> Figure 8 Python Loader (.sysinfo) Parameters (commented line was included). </figcaption> </figure> <p> It's worth noting that the internal IP address (10.10.51.212) was excluded from the initial loader script, but still reappears in the various InvisibleFerret python payloads (Figure 8). This suggests that the IP address may be used for testing purposes. Furthermore, our analysis revealed that excluded or commented-out code sections are a common trait of these scripts, potentially indicative of the malware's development or testing stages. </p> <p> The sample downloads three distinct payloads which are appended with a campaign ID and sub ID (sType and gType respectively, as seen in Figure 8 above and Figure 9 below): <i>pay_campaignid_subid.py</i>; <i>brow_campaignid_subid.py</i>; and, <i>mlip_campaignid_subid.py</i>. On disk these files are saved to the %USERPROFILE%\.n2 path without these identifiers or file extensions (Figure 9). </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-9.png" alt="Figure 9 InvisibleFerret Python Files."> <figcaption> Figure 9 InvisibleFerret Python Files. </figcaption> </figure> <p> Some of these files are obfuscated with a combination of zlib, base64 and reverse string order (Figure 10). The script loops through the lambda function continuously until the final cleartext payload is executed. </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-10.png" alt="Figure 10 Payload Retrieval"> <figcaption> Figure 10 Payload Retrieval </figcaption> </figure> <p> An overview of the three InvisibleFerret components can be found in the table below. </p> <p> Table 2: InvisibleFerret Components </p> <table class="table-bordered table-bordered-top"> <tbody> <tr> <td> <p><strong>InvisibleFerret Component</strong></p> </td> <td> <p><strong>Purpose</strong></p> </td> <td> <p><strong>Notable Network Indicators</strong></p> </td> </tr> <tr> <td> <p> <strong>pay</strong> </p> </td> <td> <p> Host Fingerprinting<br> File Stealer<br> Browser Credential Stealer<br> Remote Access<br> Deploys AnyDesk </p> </td> <td> <p> hxxp://185.235.241[.]208:1224/uploads<br> hxxp://185.235.241[.]208:1224/keys<br> hxxp://185.235.241[.]208:1224/brow<br> hxxp://185.235.241[.]208:1224/adc<br> 185.235.241[.]208:2245 </p> </td> </tr> <tr> <td> <p> <strong>brow</strong> </p> </td> <td> <p> Browser credential stealer </p> </td> <td> <p> hxxp://:185.235.241[.]208:1224/keys </p> </td> </tr> <tr> <td> <p> <strong>mlip</strong> </p> </td> <td> <p> Standalone clipboard stealer and keylogger targeting web browsers. </p> </td> <td> <p> hxxp://95.164.7[.]171:8637/api/clip </p> </td> </tr> </tbody> </table> <p> <strong>“Pay” Component Overview</strong> </p> <p> The <strong>pay</strong> component<i> </i>conducts various host fingerprinting activities including the internal IP, external IP, OS version, username and a number of other parameters (Figure 11). It also initiates a backdoor session with the C2 server and scans and uploads sensitive files from the infected host. </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-11.png" alt="Figure 11 Host Fingerprinting functionality."> <figcaption> Figure 11 Host Fingerprinting functionality. </figcaption> </figure> <p> Once the fingerprinting activity is concluded, it is packaged up and exfiltrated via HTTP POST request to hxxp://185.235.241[.]208:1224/keys (Figure 12). The C2 IP address is de-obfuscated by shifting the first nine characters to the end of the string then base64 decoding the set. </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-12.png" alt="Figure 12 Partial screenshot of pay_campaignid_subid.py exfil process (the commented line was left in by the author of the script)"> <figcaption> Figure 12 Partial screenshot of pay_campaignid_subid.py exfil process (the commented line was left in by the author of the script) </figcaption> </figure> <p> On non-Windows systems, the script attempts to run the client instance by calling client.run(). </p> <p> On Windows systems, the main backdoor client is initiated alongside a keylogger and clipboard stealer which utilizes the pyHook, pythoncom and pyperclip Python libraries (Figure 13) </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-13.png" alt="Figure 13 Initializing the backdoor and keylogger/clipboard stealer."> <figcaption> Figure 13 Initializing the backdoor and keylogger/clipboard stealer. </figcaption> </figure> <p> Captured keystrokes and clipboard data are written to the global “e_buf” variable then sent back to the C2 (via TCP connection to 185.235.241[.]208:2245) when the ssh_clip command is called within the backdoor session. </p> <p> The backdoor session is defined within the Client (Figure 14), Session and Shell classes. It initiates a network connection over port 2245 to the C2 server using sockets and accepts JSON-formatted messages containing various commands shown below. Notably, it also calls an auto_up() function which in this sample initiates an automatic file upload. This sample also contained placeholder code for automatically dropping AnyDesk (as opposed to manually via the backdoor). </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-14.png" alt="Figure 14 Client class which manages the overall connection logic and initiates a file upload (code formatting and inline comments added for clarity)"> <figcaption> Figure 14 Client class which manages the overall connection logic and initiates a file upload (code formatting and inline comments added for clarity) </figcaption> </figure> <p> InvisibleFerret contains logic to scan for and upload files of interest from multiple operating systems. Various functions in the script expedite identification of noteworthy files: </p> <ul> <li> <strong>in_pk</strong>: Checks if a string contains a private key by searching for specific hexadecimal patterns that match typical private key lengths. </li> <li> <strong>ismnemonic</strong>: Determines if a string contains a valid mnemonic phrase by checking for typical word counts and validating the phrase. </li> <li> <strong>is_exceptFile</strong>: Checks if a file name has an extension that should be excluded from processing. </li> <li> <strong>is_exceptPath</strong>: Checks if a path name matches any directories that should be excluded. </li> <li> <strong>is_pat</strong>: Checks if a file name contains specific patterns related to environment variables and other sensitive files </li> </ul> <p> As each file is processed, the script checks if the file name contains any of these patterns: </p> <p>[<br> '.env', 'config.js', 'secret', 'metamask', 'wallet', 'private', 'mnemonic', 'password', 'account', '.xls', '.xlsx', '.doc', '.docx', '.rtf', '.txt', 'recovery' <br>] </p> <p> If the file is not a common document type, additional filtering is performed using <strong>ismnemonic </strong>and<strong> in_pk </strong>to target sensitive file content such as private keys. This is noteworthy given developers (likely those involved in blockchain/crypto applications) are targeted. Any system found infected with InvisibleFerret should assume these keys are compromised and take appropriate action. </p> <p> Files are uploaded to hxxp://185.235.241[.]208:1224/uploads. Filenames are prepended with the current time and the hostname is prepended with the subid “29”, as seen in Figure 15. </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-15.png" alt="Figure 15 Example HTTP headers from auto_upload activity."> <figcaption> Figure 15 Example HTTP headers from auto_upload activity. </figcaption> </figure> <p> A record of uploaded files is kept within the flist file contained within the .n2 directory. While it’s a notable forensic artifact, since this file can be arbitrarily cleared, it should not be considered a reliable record of exfiltrated files. </p> <p> As has been documented by other researchers, the backdoor component contains 8 commands which are briefly outlined below. </p> <p> <strong>ssh_obj</strong> </p> <ul> <li> Change directories, execute arbitrary commands via <i>subprocess.Popen</i>. Results/errors are reported back<a href="#_msocom_18">[PC18]</a> via the shell. </li> </ul> <p> <strong>ssh_cmd</strong> </p> <ul> <li> Terminates the Python process, likely to terminate the session. </li> </ul> <p> <strong>ssh_clip</strong> </p> <ul> <li> Sends captured keystrokes and clipboard data to the C2. </li> </ul> <p> <strong>ssh_run</strong> </p> <ul> <li> Downloads and runs the browser stealer component. </li> </ul> <p> <strong>ssh_upload</strong> </p> <ul> <li> Upload specific files, all files from a directory or search for files with specific patterns. </li> </ul> <p> <strong>ssh_kill</strong> </p> <ul> <li> Kills Chrome and Brave browser processes. </li> </ul> <p> <strong>ssh_any</strong> </p> <ul> <li> Downloads and runs AnyDesk. </li> </ul> <p> <strong>ssh_env</strong> </p> <ul> <li> Scans for environment (.env) files similar to the auto-upload function described above. If they match certain conditions (not in exception lists, contains private keys/phrases etc) the files are uploaded. </li> </ul> <p> <strong>“Brow” Component Overview</strong> </p> <p> This InvisibleFerret component is a cross-platform browser infostealer targeting Windows, Linux and MacOS operating systems. It targets Chrome, Brave, Opera, Yandex and MsEdge browsers, uploading sensitive data to hxxp://:185.235.241[.]208:1224/keys (Figure 16). </p> <p> Each OS type initializes its own class, which is inherited<a href="#_msocom_19">[BZ19]</a> from the ChromeBase class. Each class provides instructions for decrypting browser-stored passwords on Windows, Linux and MacOS operating systems. </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-16.png" alt="Figure 16 Browser infostealer. Comments from original author."> <figcaption> Figure 16 Browser infostealer. Comments from original author. </figcaption> </figure> <p> The script contains functionality to retrieve, decrypt and upload stored browser passwords, credit cards using methods commonly found in infostealing malware (Figure 17). </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-17.png" alt="Figure 17 Snippet of credential stealing code. Original comments are from the script author(s)."> <figcaption> Figure 17 Snippet of credential stealing code. Original comments are from the script author(s). </figcaption> </figure> <p> <strong>“Mlip” (Mclip) Component Overview</strong> </p> <p> The third payload contains a standalone keylogger and clipboard stealer implemented in Python using the pyWinhook, psutil, pywin32 and wx libraries. The sample analyzed targeted Chrome and Brave browsers, uploading stolen data to hxxp://95.164.7[.]171:8637/api/clip (Figure 18). </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-18.png" alt="Figure 18 Data upload structure in Mlip Python script."> <figcaption> Figure 18 Data upload structure in Mlip Python script. </figcaption> </figure> <p> The primary function <strong>OnKeyBoardEvent</strong> (Figure 19) is triggered by a keyboard event handler via the HookManager from the pyWinhook library. When a keypress is detected, this function is called and will check the active window process pid, process name and window name via the act_win_pn() function using the win32gui library. If the process name matches a browser ("chrome.exe", "brave.exe"), it proceeds. </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-19.png" alt="Figure 19 OnKeyboardEvent funtion in mlip file."> <figcaption> Figure 19 OnKeyboardEvent funtion in mlip file. </figcaption> </figure> <p> If the caption of the active window is empty (indicating no specific page title or a blank tab), the function then proceeds to handle individual keystrokes for logging purposes. </p> <p> The function checks for printable ASCII characters <a href="#_msocom_20">[PC20]</a> and uses several modifiers to handle special keypresses such as CTL or enter. For example, when enter is pressed, it’s formatted as a newline character to break up the text and make it easier to process by the operator. If CTL + V is detected (signifying data being pasted into the browser), the <strong>GetTextFromClipboard()</strong> function is triggered. Data is appended to the key_log variable until a newline character is detected. </p> <p> If a newline character is detected (“\n”) and the key_log is not empty, the save_log() function is triggered, uploading the data to the C2 and clearing the log. If the window caption changes, the accumulated logs are also uploaded and cleared. </p> <p> <strong>GetTextFromClipboard Function</strong> </p> <p> The script appears to use the the wx (wxPython) library to handle clipboard operations. It initializes a new instance of <a href="https://docs.wxpython.org/wx.Clipboard.html">wx.Clipboard</a>, checks that the clipboard data is text (to avoid images or binaries) then uploads it to the C2 using the save_log() function shown in Figure 20. Interestingly, it can check the clipboard for private keys and mnemonic phrases, but that line was commented out in this sample. </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-20.png" alt="Figure 20 GetTextFromClipboard function."> <figcaption> Figure 20 GetTextFromClipboard function. </figcaption> </figure> <p> A quick test with the wx library shows clipboard data can be extracted with a simple Python script: </p> <figure class="image"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/blog/blog-images/Bored-BeaverTail-nov-2024-trup-figure-21.png" alt="Figure 21 Screenshot testing whether clipboard data can be extracted through a python script"> <figcaption> Figure 21 Screenshot testing whether clipboard data can be extracted through a python script </figcaption> </figure> <h2> What did we do? </h2> <ul> <li> Our team of <a href="https://www.esentire.com/what-we-do/security-operations-center">24/7 SOC Cyber Analysts</a> isolated the affected host to contain the infection. </li> <li> We alerted the customer of the incident and supported them through the remediation process. </li> </ul> <h2> What can you learn from this TRU Positive? </h2> <ul> <li> The case showcases the importance of endpoint security solutions, such as Endpoint Detection and Response (EDR), and the implementation of security training programs to educate users about such sophisticated threats. </li> <li> Using company-issued computers for personal activities outside of work, such as job interviews, can put corporate networks at risk. </li> <li> Developers should exercise caution when engaging with public code repositories that have a sparse portfolio – typically a single repository with minimal activity. This behavior can be a red flag, as threat actors often misuse free platforms like GitHub or BitBucket to host malicious code or distribute malware. </li> </ul> <h2> Recommendations from the Threat Response Unit (TRU): </h2> <ul> <li> Assume compromise of sensitive keys, passwords and files on infected hosts and take appropriate action such as rotating keys, passwords etc. </li> <li> Confirm that all devices are protected with <a href="https://www.esentire.com/how-we-do-it/signals/endpoint">Endpoint Detection and Response (EDR)</a> solutions. </li> <li> Implement a <a href="https://www.esentire.com/what-we-do/managed-vulnerability-and-risk/technical-testing/security-awareness-training-managed-phishing-training">Phishing and Security Awareness Training (PSAT) program</a> that educates and informs your employees on emerging threats in the threat landscape. </li> <li> Ensure your organization has a corporate policy for acceptable use of corporate devices. </li> </ul> <h2> Indicators of Compromise </h2> <p> You can access the indicators of compromise <a href="https://github.com/eSentire/iocs/blob/main/InvisibleFerret_2/InvisibleFerret2_iocs_11-01-2024.txt">here</a>. </p> <h2> References </h2> <ul> <li> <a href="https://www.esentire.com/blog/bored-beavertail-yacht-club-a-lazarus-lure">https://www.esentire.com/blog/bored-beavertail-yacht-club-a-lazarus-lure</a> </li> <li> <a href="https://www.group-ib.com/blog/apt-lazarus-python-scripts/">https://www.group-ib.com/blog/apt-lazarus-python-scripts/</a> </li> <li> <a href="https://unit42.paloaltonetworks.com/two-campaigns-by-north-korea-bad-actors-target-job-hunters/">https://unit42.paloaltonetworks.com/two-campaigns-by-north-korea-bad-actors-target-job-hunters/</a> </li> <li> <a href="https://unit42.paloaltonetworks.com/north-korean-threat-actors-lure-tech-job-seekers-as-fake-recruiters/">https://unit42.paloaltonetworks.com/north-korean-threat-actors-lure-tech-job-seekers-as-fake-recruiters/</a> </li> <li> <a href="https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/">https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/</a> </li> </ul> <h2> Appendix – Crypto Wallet Extensions Targeted by BeaverTail </h2> <table class="table-bordered table-bordered-top"> <tbody> <tr> <td> <p>Browser Extension ID</p> </td> <td> <p>Browser Extesion Name</p> </td> <td> <p>Target Browser</p> </td> </tr> <tr> <td> <p> nkbihfbeogaeaoehlefnkodbefgpgknn </p> </td> <td> <p> MetaMask </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> ejbalbakoplchlghecdalmeeeajnimhm </p> </td> <td> <p> MetaMask </p> </td> <td> <p> Edge </p> </td> </tr> <tr> <td> <p> fhbohimaelbohpjbbldcngcnapndodjp </p> </td> <td> <p> BNB Chain Walle </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> ibnejdfjmmkpcnlpebklmnkoeoihofec </p> </td> <td> <p> TronLink </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> bfnaelmomeimhlpmgjnjophhpkkoljpa </p> </td> <td> <p> Phantom </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> aeachknmefphepccionboohckonoeemg </p> </td> <td> <p> Coin98 Wallet </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> hifafgmccdpekplomjjkcfgodnhcellj </p> </td> <td> <p> Crypto[.]com </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> jblndlipeogpafnldhgmapagcccfchpi </p> </td> <td> <p> Kaia Wallet </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> acmacodkjbdgmoleebolmdjonilkdbch </p> </td> <td> <p> Rabby Wallet </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> dlcobpjiigpikoobohmabehhmhfoodbb </p> </td> <td> <p> Argent X </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> mcohilncbfahbmgdjkbpemcciiolgcge </p> </td> <td> <p> OKX Wallet </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> agoakfejjabomempkjlepdflaleeobhb </p> </td> <td> <p> Core </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> omaabbefbmiijedngplfjmnooppbclkk </p> </td> <td> <p> Tonkeeper </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> aholpfdialjgjfhomihkjbmgjidlcdno </p> </td> <td> <p> Exodus Web3 Wallet </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> nphplpgoakhhjchkkhmiggakijnkhfnd </p> </td> <td> <p> TON Wallet </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> penjlddjkjgpnkllboccdgccekpkcbin </p> </td> <td> <p> OpenMask </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> lgmpcpglpngdoalbgeoldeajfclnhafa </p> </td> <td> <p> SafePal </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> fldfpgipfncgndfolcbkdeeknbbbnhcc </p> </td> <td> <p> MyTonWallet </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> bhhhlbepdkbapadjdnnojkbgioiodbic </p> </td> <td> <p> Solflare Wallet </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> gjnckgkfmgmibbkoficdidcljeaaaheg </p> </td> <td> <p> Atomic Wallet </p> </td> <td> <p> Chrome </p> </td> </tr> <tr> <td> <p> afbcbjpbpfadlkmhmclhkeeodmamcflc </p> </td> <td> <p> Math Wallet </p> </td> <td> <p> Chrome </p> </td> </tr> </tbody> </table> <style> .BlogBody-MainBody .BlogBody__Content a { display: inline; } .BlogBody ul li, .BlogBody p { word-break: break-word; } @media (min-width: 0) and (max-width: 768px) { .BlogBody-MainBody .BlogBody__Content td, .BlogBody-MainBody .BlogBody__Content a, .BlogBody-MainBody .BlogBody__Content p, .BlogBody-MainBody .BlogBody__Content li { word-break: break-word; } .BlogBody__Content .table-bordered-mobile tr td:nth-child(1) p, .BlogBody__Content .table-bordered-mobile tr td:nth-child(2) p { word-break: normal; } .BlogBody__Content .table-bordered p { font-size: 12px; line-height: 16px; margin: 0 0 10px; } .BlogBody__Content .table-bordered td { padding: 4px; } } </style> </div> <div class="BlogBody__ContentRight"> </div> </div>  <div class="BlogAuthor"> <div class="BlogAuthor__Content"> <div class="BlogAuthor__Photo"> <img src="https://esentire-dot-com-assets.s3.amazonaws.com/assets/userphotos/TI_emblem_blog_2022-03-18-204335.svg" alt="eSentire Unit" /> </div> <div class="BlogAuthor__Top"> <h6 class="BlogAuthor__Name"> eSentire Threat Response Unit (TRU) <span class="BlogAuthor__Title"></span> </h6> <div class="BlogAuthor__Bio"> <p>The eSentire Threat Response Unit (TRU) is an industry-leading threat research team committed to helping your organization become more resilient. TRU is an elite team of threat hunters and researchers that supports our 24/7 Security Operations Centers (SOCs), builds threat detection models across the eSentire XDR Cloud Platform, and works as an extension of your security team to continuously improve our Managed Detection and Response service. By providing complete visibility across your attack surface and performing global threat sweeps and proactive hypothesis-driven threat hunts augmented by original threat research, we are laser-focused on defending your organization against known and unknown threats.</p> </div> </div> </div> </div> <div class="BlogBody BlogBody-Form"> <div class="BlogBody__ContentLeft"></div> <div class="BlogBody__Content"> <iframe id="pardot-form-securityAdvisory" class="BlogBody__FormIframe" src="https://mdr.esentire.com/l/651833/2022-10-12/27fwyb?fbclid=IwZXh0bgNhZW0CMTEAAR3BJ3fh7BcW5HMz-SLfQAA9yYot29HIdmV9nObEFkSQ4ix69RjVBczTGn8_aem_5Uy5cUxUhJBH8fQf_fli0Q&ScoringCateogry=Generic%20Nurture"></iframe> </div> <div class="BlogBody__ContentRight"></div> </div> <div class="BlogBody__LatestBlogs"> <div class="BlogBody__LatestBlogs__Content"> <h2>Read the Latest from eSentire</h2> <div class="BlogBody__LatestBlogs__Cards"> <a class="BlogBody__LatestBlogs__Card" href="https://www.esentire.com/blog/bored-beavertail-invisibleferret-yacht-club-a-lazarus-lure-pt-2"> <div class="BlogBody__LatestBlogs__CardTop"> <img src="https://s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assetsV4/Blog/read_latest_blog_img_536x302_1.png" alt="Blog Graphic Image"/> <div> <span>Nov 14, 2024</span> <h5>Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2 </h5> </div> </div> <div class="BlogBody__LatestBlogs__CardCta"><span>Learn More</span></div> </a> <a class="BlogBody__LatestBlogs__Card" href="https://www.esentire.com/blog/bored-beavertail-yacht-club-a-lazarus-lure"> <div class="BlogBody__LatestBlogs__CardTop"> <img src="https://s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assetsV4/Blog/read_latest_blog_img_536x302_2.png" alt="Blog Graphic Image"/> <div> <span>Oct 17, 2024</span> <h5>Bored BeaverTail Yacht Club – A Lazarus Lure </h5> </div> </div> <div class="BlogBody__LatestBlogs__CardCta"><span>Learn More</span></div> </a> <a class="BlogBody__LatestBlogs__Card" href="https://www.esentire.com/blog/cybersecurity-spending-where-to-allocate-your-budget-in-2025"> <div class="BlogBody__LatestBlogs__CardTop"> <img src="https://s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assetsV4/Blog/read_latest_blog_img_536x302_3.png" alt="Blog Graphic Image"/> <div> <span>Oct 17, 2024</span> <h5>Cybersecurity Spending: Where to Allocate Your Budget in 2025 </h5> </div> </div> <div class="BlogBody__LatestBlogs__CardCta"><span>Learn More</span></div> </a> </div> </div> </div> <div id="cookie-consent" class="CookieConsent"> <div class="CookieConsent__Content"> <div class="CookieConsent__Row"> <div class="CookieConsent__Left"> <p>Cookies allow us to deliver the best possible experience for you on our website - by continuing to use our website or by closing this box, you are consenting to our use of cookies. Visit our <a href="/legal/privacy-policy" target="_blank">Privacy Policy</a> to learn more.</p> </div> <div class="CookieConsent__Right"> <a onclick="acceptCookieConsent();">Accept</a> </div> </div> </div> </div>  <div class="Footer"> <div class="Footer__Contact"> <div class="Footer__ContactMessage">ARE YOU EXPERIENCING A SECURITY INCIDENT OR HAVE YOU BEEN BREACHED?</div> <a class="Footer__ContactNumber" href="tel:1-866-579-2200">Call 1-866-579-2200</a> </div> <div class="Footer__Content"> <div class="Footer__Top"> <div class="Footer__TopContent"> <div class="Footer__TopLeft"> <div class="Footer__TopLeftLogo"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 27.12 27.12"><circle cx="13.56" cy="13.56" r="13.56" style="fill:#263c91"/><path d="M17.82 8.59c-1.2-1.54-3.24-1.53-3.24-1.53h-2.04S10.5 7.05 9.3 8.59c-.73.94-.89 1.84-.89 2.47v5.01c0 .63.16 1.53.89 2.47 1.2 1.54 3.24 1.53 3.24 1.53h6.17v-2.89h-5.55s-.81 0-1.29-.61c-.29-.37-.36-.73-.36-.98V15h7.2v-3.93c0-.63-.16-1.53-.89-2.47Zm-6.31 2.78c0-.25.06-.61.36-.98.48-.61 1.29-.61 1.29-.61h.82s.81 0 1.29.61c.29.37.36.73.36.98v.76h-4.11v-.76Z" style="fill:#fff"/></svg> </div> <div class="Footer__TopLeftCopy"> <h3>The Proven Choice for <br>Managed Detection and Response</h3> <div class="Footer__TopLeftCopyCTAs"> <a href="/get-started">GET STARTED <span>→</span></a> <a href="https://esentire.channeltivity.com/Login" target="_blank">PARTNER LOGIN <span>→</span></a> </div> </div> </div> <div class="Footer__TopRight"> <div class="Footer__TopRightCopy"> <h3>Sales and <br>Customer Support</h3> </div> <div class="Footer__TopRightLinks"> <a href="tel:1-866-579-2200" class="Footer__TopRightLink"> <span>NORTH AMERICA</span> <span>1-866-579-2200</span> </a> <a href="tel:+44(0)8000 443242" class="Footer__TopRightLink"> <span>EMEA</span> <span>(0)8000-443242</span> </a> <a href="tel:+1 519 651 2200" class="Footer__TopRightLink"> <span>ANZ/APAC</span> <span>1-519-651-2200</span> </a> </div> </div> </div> </div> <div class="Footer__Middle"> <div class="Footer__MiddleContent"> <div class="Footer__MiddleSocialForm"> <div class="Footer__MiddleSocial"> <a href="https://ca.linkedin.com/company/esentire-inc-" target="_blank"> <svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" viewBox="0 0 34.62 35.53"><defs><style>.clsLinkedFooterIcon-1{fill:#172143;stroke-width:0}</style></defs><g id="Component_61_4"><path id="Rectangle_602" d="M2.96 12.68h6.21v19.79H2.96z" class="clsLinkedFooterIcon-1"/><path id="Path_1036" d="M25.95 12.24c-.23-.03-.47-.04-.72-.05-2.38-.13-4.66.92-6.12 2.8-.1.12-.19.25-.27.39v-2.65H12.9v19.79h6.21v-9.3c-.15-1.36.04-2.74.57-4 .56-.99 1.62-1.59 2.76-1.55a3.29 3.29 0 0 1 3.5 3.06V32.61h6.21V19.7c0-4.42-2.24-7.03-6.21-7.46" class="clsLinkedFooterIcon-1"/><path id="Path_1037" d="M9.67 6.52c0 1.99-1.61 3.6-3.6 3.6s-3.6-1.61-3.6-3.6 1.61-3.6 3.6-3.6 3.6 1.61 3.6 3.6" class="clsLinkedFooterIcon-1"/></g></svg> </a> <a href="https://twitter.com/eSentire" target="_blank"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 34.32 35.52"><path d="M25.65 5.92h4.53l-9.89 11.3L31.92 32.6h-9.11l-7.13-9.33-8.16 9.33H2.98l10.58-12.09L2.4 5.91h9.34l6.45 8.53 7.46-8.52ZM24.06 29.9h2.51L10.38 8.49H7.69L24.06 29.9Z" style="fill:#172143;stroke-width:0"/></svg> </a> <a href="https://www.youtube.com/c/eSentireInc" target="_blank"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 43.64 35.51"><path d="M35.02 8.42H8.63c-3.53 0-6.38 2.86-6.38 6.38v11.42c0 3.53 2.86 6.38 6.38 6.38h26.39c3.53 0 6.38-2.86 6.38-6.38V14.8c0-3.53-2.86-6.38-6.38-6.38ZM17.88 26.37V14.63l10.17 5.87-10.17 5.87Z" style="fill:#172143;stroke-width:0"/></svg> </a> </div> <div class="Footer__MiddleForm"> <iframe id="Footer__IframeEmbed" scrolling="no" src="https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw"></iframe> </div> </div> <div class="Footer__MiddleGrid"> <div class="Footer__LinksGroup"> <div class="Footer__LinksGroupHeader"> <h5>What we do</h5> <svg viewBox="0 0 15 9" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M14.24 0.75L7.49 7.49L0.75 0.75" stroke="currentColor" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/> </svg> </div> <nav> <a href="/what-we-do/esentire-managed-detection-and-response">Managed Detection and Response</a> <a href="/what-we-do/digital-forensics-and-incident-response">Digital Forensics and Incident Response</a> <a href="/what-we-do/exposure-vulnerability-and-risk-management">Exposure Management Services</a> <a href="/what-we-do/xdr-extended-detection-and-response">Extended Detection and Response (XDR)</a> <a href="/what-we-do/security-operations-center">Security Operations Center (SOC)</a> <a href="/what-we-do/mdr-integrations">Technology Integrations</a> <a href="/what-we-do/threat-response-unit">Threat Response Unit (TRU)</a> <a href="/what-we-do/team-esentire">Cyber Resilience Team</a> <a href="/what-we-do/esentire-managed-detection-and-response/microsoft-mdr">MDR for Microsoft</a> <a href="/what-we-do/esentire-managed-detection-and-response/aws-cloud-security">MDR for AWS</a> <a href="/what-we-do/esentire-managed-detection-and-response/mdr-for-genai">MDR for GenAI</a> <a href="/what-we-do/esentire-managed-detection-and-response/response-and-remediation">Response and Remediation</a> <a href="/how-we-do-it/mdr-pricing-packaging">MDR Pricing</a> </nav> </div> <div class="Footer__LinksGroup"> <div class="Footer__LinksGroupHeader"> <h5>How we do it</h5> <svg viewBox="0 0 15 9" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M14.24 0.75L7.49 7.49L0.75 0.75" stroke="currentColor" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/> </svg> </div> <nav> <a href="/how-we-do-it/signals/mdr-for-endpoint">Endpoint</a> <a href="/how-we-do-it/signals/mdr-for-network">Network</a> <a href="/how-we-do-it/signals/mdr-for-log">Log</a> <a href="/how-we-do-it/signals/cloud">Cloud</a> <a href="/how-we-do-it/signals/identity">Identity</a> </nav> </div> <div class="Footer__LinksGroup"> <div class="Footer__LinksGroupHeader"> <h5>Industries</h5> <svg viewBox="0 0 15 9" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M14.24 0.75L7.49 7.49L0.75 0.75" stroke="currentColor" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/> </svg> </div> <nav> <a href="/how-we-do-it/industries/insurance-cybersecurity">Insurance</a> <a href="/how-we-do-it/industries/construction-cybersecurity">Construction</a> <a href="/how-we-do-it/industries/financial-services-cybersecurity">Finance</a> <a href="/how-we-do-it/industries/legal-cybersecurity">Legal</a> <a href="/how-we-do-it/industries/manufacturing-cybersecurity">Manufacturing</a> <a href="/how-we-do-it/industries/private-equity-cybersecurity">Private Equity</a> <a href="/how-we-do-it/industries/healthcare-cybersecurity">Healthcare</a> <a href="/how-we-do-it/industries/retail-cybersecurity">Retail</a> <a href="/how-we-do-it/industries/food-supply-cybersecurity">Food Supply</a> <a href="/how-we-do-it/industries/state-local-governments-cybersecurity">Government and Education</a> <a href="/how-we-do-it/industries/automotive-dealerships">Automotive Dealerships</a> </nav> </div> <div class="Footer__LinksGroup"> <div class="Footer__LinksGroupHeader"> <h5>Use Cases</h5> <svg viewBox="0 0 15 9" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M14.24 0.75L7.49 7.49L0.75 0.75" stroke="currentColor" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/> </svg> </div> <nav> <a href="/how-we-do-it/use-cases/ransomware">Ransomware</a> <a href="/how-we-do-it/use-cases/third-party-cyber-risk">Third-Party Risk</a> <a href="/how-we-do-it/use-cases/sensitive-data">Sensitive Data Security</a> <a href="/how-we-do-it/use-cases/cloud-misconfiguration-breaches">Cloud Misconfiguration</a> <a href="/how-we-do-it/use-cases/zero-day-exploits">Zero Day Attacks</a> <a href="/how-we-do-it/use-cases/cyber-risk-management">Cyber Risk</a> <a href="/how-we-do-it/use-cases/cybersecurity-compliance">Cybersecurity Compliance</a> <a href="/how-we-do-it/use-cases/mdr-outsourcing">Do More With Less</a> <a href="/how-we-do-it/use-cases/meet-cyber-insurance-requirements">Cyber Insurance</a> <a href="/how-we-do-it/use-cases/security-leadership">Security Leadership</a> <a href="/how-we-do-it/use-cases/cyber-threat-intelligence">Cyber Threat Intelligence</a> </nav> </div> <div class="Footer__LinksGroup"> <div class="Footer__LinksGroupHeader"> <h5>Resources</h5> <svg viewBox="0 0 15 9" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M14.24 0.75L7.49 7.49L0.75 0.75" stroke="currentColor" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/> </svg> </div> <nav> <a href="/resources/security-advisories">Security Advisories</a> <a href="/resources/blog">Blog</a> <a href="/resources/library">Resource Library</a> <a href="/resources/video-library">Video Library</a> <a href="/resources/tru-intelligence-center">TRU Intelligence Center</a> <a href="/resources/mdr-and-cybersecurity-case-studies">Case Studies</a> <a href="/switch-to-esentire">Switch to eSentire</a> <a href="/consolidate-and-save">Consolidate & Save</a> <a href="/esentire-mdr-vs-everyone">Real vs. Fake MDR</a> <a href="/esentire-mdr-vs-everyone/compare">Compare MDR Vendors</a> <a href="/cybersecurity-fundamentals-defined">Cybersecurity Glossary</a> </nav> </div> <div class="Footer__LinksGroup"> <div class="Footer__LinksGroupHeader"> <h5>Tools</h5> <svg viewBox="0 0 15 9" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M14.24 0.75L7.49 7.49L0.75 0.75" stroke="currentColor" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/> </svg> </div> <nav> <a href="/cybersecurity-assessment-tool">Cybersecurity Assessment</a> <a href="/mdr-roi-calculator">MDR ROI Calculator</a> <a href="/security-operations-center-pricing-calculator">SOC Calculator</a> <a href="/mitre-attck-framework-tool">MITRE ATT&CK® Tool</a> </nav> </div> <div class="Footer__LinksGroup"> <div class="Footer__LinksGroupHeader"> <h5>Company</h5> <svg viewBox="0 0 15 9" fill="none" xmlns="http://www.w3.org/2000/svg"> <path d="M14.24 0.75L7.49 7.49L0.75 0.75" stroke="currentColor" stroke-width="1.5" stroke-miterlimit="10" stroke-linecap="round" stroke-linejoin="round"/> </svg> </div> <nav> <a href="/company/about-us">About Us</a> <a href="/company/leadership">Leadership</a> <a href="/company/newsroom">Newsroom</a> <a href="/company/event-calendar">Event Calendar</a> <a href="/company/careers">Careers</a> <a href="/partners">Partners</a> <a href="/en-au-nz/switch-to-esentire">Australia & New Zealand</a> <a href="/en-gb/switch-to-esentire">United Kingdom</a> </nav> </div> </div> </div> </div> <div class="Footer__Legal"> <p>2024 eSentire, Inc. All Rights Reserved.</p> <nav class="Footer__LegalNav"> <a href="/sitemap">Sitemap</a> <a href="/legal/terms-and-conditions">Terms and Conditions</a> <a href="/legal/privacy-policy">Privacy Policy</a> <a href="/legal/accessibility">Accessibility</a> <a href="/legal/documents">Legal</a> </nav> </div> </div> </div> <script> // Create cookie function setCookie(cname, cvalue, exdays) { const d = new Date(); d.setTime(d.getTime() + (exdays*24*60*60*1000)); let expires = "expires="+ d.toUTCString(); document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/"; } // Delete cookie function deleteCookie(cname) { const d = new Date(); d.setTime(d.getTime() + (24*60*60*1000)); let expires = "expires="+ d.toUTCString(); document.cookie = cname + "=;" + expires + ";path=/"; } // Read cookie function getCookie(cname) { let name = cname + "="; let decodedCookie = decodeURIComponent(document.cookie); let ca = decodedCookie.split(';'); for(let i = 0; i <ca.length; i++) { let c = ca[i]; while (c.charAt(0) == ' ') { c = c.substring(1); } if (c.indexOf(name) == 0) { return c.substring(name.length, c.length); } } return ""; } // Set cookie consent function acceptCookieConsent(){ deleteCookie('user_cookie_consent'); setCookie('user_cookie_consent', 1, 30); document.getElementById("cookie-consent").classList.remove('show'); } let cookie_consent = getCookie("user_cookie_consent"); if(cookie_consent != ""){ }else{ document.getElementById("cookie-consent").classList.add('show'); } </script> <script type="application/ld+json">{"@context":"http://schema.org","@graph":[{"@type":"WebPage","author":{"@id":"https://www.esentire.com/#identity"},"copyrightHolder":{"@id":"https://www.esentire.com/#identity"},"copyrightYear":"2024","creator":{"@id":"https://www.esentire.com/#creator"},"dateCreated":"2024-11-14T11:03:47-05:00","dateModified":"2024-11-14T18:28:23-05:00","datePublished":"2024-11-14T11:38:00-05:00","description":"Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes. We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware. Our Security Operations Centers are supported with Threat Intelligence, Tactical Threat Response and Advanced Threat Analytics driven by our Threat Response Unit – the TRU team. In TRU Positives, eSentire’s Threat Response Unit (TRU) provides a summary of a recent threat investigation. We outline how we responded to the confirmed threat and what recommendations we have going forward. Here’s the latest from our TRU Team… What did we find? In October 2024, the eSentire Threat Response Unit (TRU) responded to an incident where a software developer downloaded a JavaScript project that contained BeaverTail malware. Upon installing the project through the Node Package Manager (NPM) command, it executed malicious JavaScript files and subsequently deployed the InvisibleFerret malware to the host. The InvisibleFerret malware was executed through a Python command, which fingerprinted the host's information and stole the browser's credentials. In response, our team of 24/7 SOC Cyber Analysts responded by isolating the impacted host and alerting the customer with the relevant details. Upon further investigation by eSentire’s TRU team, it was determined that the observed Tactics, Techniques, and Procedures (TTPs) were consistent with those reported to be used by North Korea threat actors, also tracked as Contagious Interview. Initial Access A ZIP file named 'task-space-eshop-aeea6cc51a7c.zip' was found in the user's download directory. eSentire Threat Intelligence team assesses the chances as probable that the victim downloaded the zip from a BitBucket project named “eshop” (Figure 1). Figure 1 eshop project hosted on Bitbucket. The malicious “eshop” repository was committed by the user “francesco zaid” (Figure 2). Figure 2 Author “francesco zaid” (screenshot taken October 24th, 2024). The commits to eshop occurred roughly five days after a job posting for a freelancer was published on a freelance job board. The job was posted by a user named “francesco zaid” on the “www.freelancermap[.]com” (Figure 3). Figure 3 Possible Fake Job posting associated with the Contagious Interview Campaign. It should be noted that the eSentire Threat Intelligence team reviewed the job posting and was unable to find a direct link to the eshop repository from the posting; however, given the contact person’s name being the same name used to upload content to the repository, it is a notable finding and is consistent with the Contagious Interview campaign Tactics, Techniques and Procedures (TTPs) of luring software developers with fraudulent jobs. The victim in the incident eSentire responded to appears to be a software developer, which aligns with the TTPs of previously reported on campaigns by North Korean threat actors where software developers were targeted. Execution Chain The ZIP file downloaded by the victim contained a malicious NPM package that once installed by the victim, executed “server.js” file that is defined in the “package.json” and subsequently, loads a malicious JavaScript file (error.js) (Figure 4). Figure 4 “server.js” file was defined to be executed in the “package.json” file The “server.js” file is used as an entry point to load the file located in “backend/middlewares/helpers/error.js”, which facilitates further malicious activities on the victim machine such as: steal saved login credentials in the browsers; collect system information; enumerates crypto wallet extensions in the targeted browsers; and, steal configuration data from crypto wallets like Exodus and Solana. This JavaScript file (error.js) is highly obfuscated and after analysis it was determined to be a component for t","headline":"Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2","image":{"@type":"ImageObject","url":"https://esentire-dot-com-assets.s3.amazonaws.com/assetsV4/External/SEO/tru_meta_BoredBeaverTail.jpg"},"inLanguage":"en-us","mainEntityOfPage":"https://www.esentire.com/blog/bored-beavertail-invisibleferret-yacht-club-a-lazarus-lure-pt-2","name":"Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2","publisher":{"@id":"https://www.esentire.com/#creator"},"url":"https://www.esentire.com/blog/bored-beavertail-invisibleferret-yacht-club-a-lazarus-lure-pt-2"},{"@id":"https://www.esentire.com/#identity","@type":"LocalBusiness","address":{"@type":"PostalAddress","addressCountry":"CA","addressLocality":"Waterloo","addressRegion":"Ontario","postalCode":"N2L 3X2","streetAddress":"451 Phillip St, Suite 135, ON"},"alternateName":"eSentire Corporate Marketing","description":"eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire’s award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit www.esentire.com and follow @webinars.","email":"info@esentire.com","founder":"Eldon Sprickerhoff","foundingDate":"2001-01-01","foundingLocation":"Waterloo, Ontario","geo":{"@type":"GeoCoordinates","latitude":"43.48356169301266","longitude":"-80.54315326704616"},"image":{"@type":"ImageObject","height":"512","url":"https://s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assets/eSentire_emblem_512x512.jpg","width":"512"},"logo":{"@type":"ImageObject","height":"60","url":"https://esentire-dot-com-assets.s3.amazonaws.com/assets/_600x60_fit_center-center_82_none/302747/eSentire_emblem_512x512.png?mtime=1709753172","width":"60"},"name":"eSentire Inc.","openingHoursSpecification":[{"@type":"OpeningHoursSpecification","closes":"09:00:00","dayOfWeek":["Sunday"],"opens":"09:00:00"},{"@type":"OpeningHoursSpecification","closes":"09:00:00","dayOfWeek":["Monday"],"opens":"09:00:00"},{"@type":"OpeningHoursSpecification","closes":"09:00:00","dayOfWeek":["Tuesday"],"opens":"09:00:00"},{"@type":"OpeningHoursSpecification","closes":"09:00:00","dayOfWeek":["Wednesday"],"opens":"09:00:00"},{"@type":"OpeningHoursSpecification","closes":"09:00:00","dayOfWeek":["Thursday"],"opens":"09:00:00"},{"@type":"OpeningHoursSpecification","closes":"09:00:00","dayOfWeek":["Friday"],"opens":"09:00:00"},{"@type":"OpeningHoursSpecification","closes":"09:00:00","dayOfWeek":["Saturday"],"opens":"09:00:00"}],"priceRange":"$$$","telephone":"1-866-579-2200","url":"https://www.esentire.com"},{"@id":"https://www.esentire.com/#creator","@type":"ProfessionalService","address":{"@type":"PostalAddress","addressCountry":"CA","addressLocality":"Waterloo","addressRegion":"Ontario","postalCode":"N2L 3X2","streetAddress":"451 Phillip St, Suite 135, ON"},"alternateName":"eSentire Corporate Marketing","email":"info@esentire.com","founder":"Eldon Sprickerhoff","foundingDate":"2001-01-01","foundingLocation":"Waterloo, Ontario","geo":{"@type":"GeoCoordinates","latitude":"43.48356169301266","longitude":"-80.54315326704616"},"image":{"@type":"ImageObject","height":"512","url":"https://s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assets/eSentire_emblem_512x512.jpg","width":"512"},"logo":{"@type":"ImageObject","height":"60","url":"https://esentire-dot-com-assets.s3.amazonaws.com/assets/_600x60_fit_center-center_82_none/302747/eSentire_emblem_512x512.png?mtime=1709753172","width":"60"},"name":"eSentire Inc.","priceRange":"$$$","telephone":"1-866-579-2200","url":"https://www.esentire.com"},{"@type":"BreadcrumbList","description":"Breadcrumbs list","itemListElement":[{"@type":"ListItem","item":"https://www.esentire.com","name":"Homepage","position":1},{"@type":"ListItem","item":"https://www.esentire.com/blog","name":"Blog","position":2},{"@type":"ListItem","item":"https://www.esentire.com/blog/bored-beavertail-invisibleferret-yacht-club-a-lazarus-lure-pt-2","name":"Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2","position":3}],"name":"Breadcrumbs"}]}</script> <script src="/main.js?v=4.11.57"></script> <script src="/style.js"></script> <script type="text/javascript" src="https://unpkg.com/aos@2.3.1/dist/aos.js"></script> <script type="text/javascript"> function readCookie(c_name) { var c_value = document.cookie; var c_start = c_value.indexOf(" " + c_name + "="); if (c_start == -1) { c_start = c_value.indexOf(c_name + "="); } if (c_start == -1) { c_value = null; } else { c_start = c_value.indexOf("=", c_start) + 1; var c_end = c_value.indexOf(";", c_start); if (c_end == -1) { c_end = c_value.length; } c_value = unescape(c_value.substring(c_start, c_end)); } return c_value; } </script> <script> AOS.init(); </script> <noscript> <img src="https://ws.zoominfo.com/pixel/3k8XsFBkOniCq5dTRwpV" alt="ZoomInfo Image for Video" width="1" height="1" style="display: none;" /> </noscript> <script type="text/javascript"> window._mfq = window._mfq || []; (function() { var mf = document.createElement("script"); mf.type = "text/javascript"; mf.defer = true; mf.src = "//cdn.mouseflow.com/projects/ce788296-8259-4e39-bcae-56ddd5b7e767.js"; document.getElementsByTagName("head")[0].appendChild(mf); })(); </script> </body> </html>

CINXE.COM

eSentire | Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus…