The threat actor has gained initial access and is utilizing various defense evasion techniques to avoid detection while establishing persistence and maintaining control.
Category: Threat Hunt
Brute Forcing Hunt 4 Hunt
The threat actor will use brute force and password spraying to target multiple accounts until one is successfully compromised. Once in, the threat actor will attempt to gather credentials and other information about the network to sell.
Ursnif Banking Trojan
The Ursnif banking trojan may be present in the environment, utilizing memory injection techniques to evade detection and maintain persistence.
COLDRIVER – SPICA malware
The APT group COLDRIVER uses spearphishing to deliver malware, using PDFs as lure documents.
Campaign against Russian Opposition
The attacker may use phishing emails with malicious attachments to deliver and execute a malicious tool, such as a reverse shell, on the victim’s machine. The tool will likely use web protocols to communicate with the attacker’s C2 server.
Volt Typhoon against energy etc.
Attackers may be using Mshta.exe or Rundll32.exe to execute malicious code.
Sea Turtle
The attacker is actively scanning the internet for vulnerable hosts, and then compromising those hosts for future malicious activity.
Clearing Fog of War
A malicious actor might be leveraging MSHTA for defense evasion and utilizing various techniques for OS credential dumping within the environment.