Adversaries try to hide malicious components by renaming them as legitimate Windows binaries. This technique has been used by the Turla threat actor group and others. Here’s how to threat hunt for this behavior.
Article Link: https://intel471.com/blog/threat-hunting-case-study-uncovering-turla