Snowblind – The Invisible Hand of Secret Blizzard

Secret Blizzard compromised command-and-control (C2) infrastructure used by Storm-0156, a Pakistan-based threat actor, to gain access to Storm-0156's targets' networks and data. Secret Blizzard leveraged Storm-0156's existing access to deploy its own malware, "TwoDash" and "Statuezy," into Afghan government networks. It also potentially acquired Storm-0156's tools, its C2 and target-network credentials, and data exfiltrated in Storm-0156's previous operations.

COLDRIVER – SPICA malware

The APT group COLDRIVER delivers its SPICA malware through spear-phishing emails that use PDFs as lure documents.

Sea Turtle

The Sea Turtle actor actively scans the internet for vulnerable hosts and then compromises those hosts for use in future malicious activity.