1 rule found for "BlackBerry Threat Research and Intelligence Team"
Detects changes to the PSFactory COM InProcServer32 registry. This technique was used by RomCom to create persistence storing a malicious DLL.