Maybe, but that's no longer an issue; they need a new cert and ofc they will have one. Maybe they will change it again before the next detection. Checking the cert may help, but better is to prevent its intrusion and its behavior; as shown, you need to lock or sandbox such calls. For the rest, see the linked article.
If they need a new cert, does it pass the SAP Essentials Name and Thumbprint check? I doubt that. So then it can't do anything. In SAP+ there's already a default rule for rundll, tho it's like "always block if rundll runs javascript". Quite good for a basic rule. Sure, tech-savvy users can make their own rules.
I guess it's this type of malware that can often bypass multiple AVs; they are using quite nifty tricks. Cool that Elastic was able to detect this, but they didn't perform too well in the latest AV-Comparatives Business Security Test. It would be interesting to know if a tool like OSArmor could have blocked this malware post-execution.