TA397 – D E C E I V E R . I O

Deceive, Detect, Engage

Engage Report: TA397 RATs War

TA397 utilizes a malicious shortcut (LNK) file embedded within a RAR archive. This LNK file, when activated, executes PowerShell code that creates a scheduled task on the victim’s machine. This scheduled task enables the download and execution of additional payloads, establishing persistence on the compromised system.

Hunting all around for TA397 RATs

Attackers are using phishing emails to deliver malicious attachments that gather system information and exfiltrate it to a remote server.

Tag: TA397

Engage Report: TA397 RATs War

Hunting all around for TA397 RATs

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense