Threat Hunting Scenario: Lazarus Group’s Evolved Infection Chain

Lazarus Group actors are actively targeting specific industries with tailored spearphishing attacks, using trojanized remote access tools and a multi-stage infection chain in which successive malware stages communicate with C2 infrastructure to maintain persistent access and exfiltrate data.

Threat Hunting Scenario Based on the Cyber Anarchy Squad (C.A.S) Attacks

C.A.S actors gain initial access through the exploitation of public-facing applications, establish persistence, escalate privileges, and utilize various tools and techniques to achieve their objectives, including data exfiltration, encryption, and destruction.