T1218 – D E C E I V E R . I O

Deceive, Detect, Engage

Engage Report: FLUX#CONSOLE

The threat actors utilize Microsoft Common Console Document (MSC) files to execute malicious JavaScript code. These MSC files are designed to mimic the appearance of PDF documents, deceiving users into opening them. Upon execution, the embedded JavaScript code facilitates the download and execution of a backdoor payload.

Exploitation of Firefox and Windows zero-day vulnerabilities

The RomCom threat actors are actively exploiting Firefox and Windows zero-day vulnerabilities to compromise systems, escalate privileges, establish persistence, and exfiltrate sensitive data.

Tag: T1218

Engage Report: FLUX#CONSOLE

Exploitation of Firefox and Windows zero-day vulnerabilities

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense