T1218.005 – D E C E I V E R . I O

Double-Tap Campaign by UAC-0063

The threat actor is conducting a spearphishing campaign to deliver malicious attachments, maintain persistence, and establish command and control.

Hunt 4 DLL sideload by China

The threat actor may attempt to execute malicious code by side-loading a malicious DLL using a legitimate application.

The Lazarus group is conducting a spearphishing campaign targeting individuals involved in the maritime industry, particularly yacht and luxury vessel sales, using malicious attachments to deliver malware.

Game of Emperor

The threat actor has gained initial access and is utilizing various defense evasion techniques to avoid detection while establishing persistence and maintaining control.

Volt Typhoon against energy etc.

Attackers may be using Mshta.exe or Rundll32.exe to execute malicious code.

Clearing Fog of War

A malicious actor might be leveraging MSHTA for defense evasion and utilizing various techniques for OS credential dumping within the environment.

Tag: T1218.005

Double-Tap Campaign by UAC-0063

Hunt 4 DLL sideload by China

Lazarus Lure in Yacht club

Game of Emperor

Volt Typhoon against energy etc.

Clearing Fog of War

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense