Hunt: Snowblind – The Invisible Hand of Secret Blizzard

A sophisticated attacker, potentially the “Secret Blizzard” group, has gained access to the network and is actively attempting to establish persistence, evade detection, escalate privileges, and collect sensitive data. They are likely using custom malware with advanced anti-analysis capabilities and are targeting specific systems and data.

Exploitation of Firefox and Windows zero-day vulnerabilities

The RomCom threat actors are actively exploiting Firefox and Windows zero-day vulnerabilities to compromise systems, escalate privileges, establish persistence, and exfiltrate sensitive data.

Inside Water Barghest's Rapid Exploit

Water Barghest actively scans the internet for vulnerable IoT devices, particularly those with known vulnerabilities or default credentials. Upon identifying a vulnerable device, they exploit it to gain initial access. This may involve exploiting vulnerabilities in web interfaces, using default or weak credentials, or leveraging unpatched software flaws.