T1204.002 – D E C E I V E R . I O

Deceive, Detect, Engage

COLDRIVER – SPICA malware

APT group Coldriver uses spearphishing to deliver malware via PDFs as lure documents.

COLDRIVER – UNC4057, Star Blizzard and Callisto

The attacker, impersonating experts or affiliates, sends a phishing link or document containing a link to a “decryption” utility. This utility is malware (SPICA backdoor) that gives the attacker access to the victim’s machine. The malware establishes persistence, communicates with a C2 server using JSON over WebSockets, and then collects and exfiltrates data.

Tag: T1204.002

COLDRIVER – SPICA malware

COLDRIVER – UNC4057, Star Blizzard and Callisto

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense