T1218.011 – D E C E I V E R . I O

Deceive, Detect, Engage

Hunt 4 DLL sideload by China

The threat actor may attempt to execute malicious code by side-loading a malicious DLL using a legitimate application.

Game of Emperor

The threat actor has gained initial access and is utilizing various defense evasion techniques to avoid detection while establishing persistence and maintaining control.

Volt Typhoon against energy etc.

Attackers may be using Mshta.exe or Rundll32.exe to execute malicious code.

Tag: T1218.011

Hunt 4 DLL sideload by China

Game of Emperor

Volt Typhoon against energy etc.

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense