T1564.001 – D E C E I V E R . I O

Deceive, Detect, Engage

Game of Emperor

The threat actor has gained initial access and is utilizing various defense evasion techniques to avoid detection while establishing persistence and maintaining control.

Ursnif Banking Trojan

The Ursnif banking trojan may be present in the environment, utilizing memory injection techniques to evade detection and maintain persistence.

COLDRIVER – SPICA malware

APT group Coldriver uses spearphishing to deliver malware via PDFs as lure documents.

Tag: T1564.001

Game of Emperor

Ursnif Banking Trojan

COLDRIVER – SPICA malware

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense