T1105 – D E C E I V E R . I O

Deceive, Detect, Engage

Threat Hunting Scenario: BadIIS

Attackers are exploiting vulnerable IIS servers to install the BadIIS malware, which is then used to manipulate SEO and redirect users to malicious websites.

Lazarus Lure in Yacht club

The Lazarus group is conducting a spearphishing campaign targeting individuals involved in the maritime industry, particularly yacht and luxury vessel sales, using malicious attachments to deliver malware.

Campaign against Russian Opposition

The attacker may use phishing emails with malicious attachments to deliver and execute a malicious tool, such as a reverse shell, on the victim’s machine. The tool will likely use web protocols to communicate with the attacker’s C2 server.

Tag: T1105

Threat Hunting Scenario: BadIIS

Lazarus Lure in Yacht club

Campaign against Russian Opposition

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense