Mshta – D E C E I V E R . I O

Deceive, Detect, Engage

Hunting CryptoBot in the wild

Attackers are using spearphishing emails containing malicious links to deliver malware that uses Rundll32 and Mshta for defense evasion.

Suspected TTPs:

Initial Access: Spearphishing Link
Execution: Rundll32
Defense Evasion: Mshta

Game of Emperor

The threat actor has gained initial access and is utilizing various defense evasion techniques to avoid detection while establishing persistence and maintaining control.

Tag: Mshta

Hunting CryptoBot in the wild

Game of Emperor

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense