Alex Morgan — Threat Intelligence Analyst Key TakeawaysMalicious PowerShell scripts were used to exploit DCOM vulnerabilities for lateral movement.Persistence was achieved through registry modifications and scheduled tasks.Indicators of compromise including specific command-line parameters were identified…
Alex Morgan — Threat Intelligence Analyst Key TakeawaysEmotet is leveraging advanced evasion techniques and polymorphic payloads to ensure successful delivery and execution.The campaign demonstrates sophisticated lateral movement tactics using Windows Management Instrumentation (WMI) for reconnaissance…
Alex Morgan — Threat Intelligence Analyst Key TakeawaysAPT29 utilized a sophisticated supply chain attack to gain initial access to victim networks.We observed the deployment of the Cozy Bear malware family for post-exploitation activities.Detection of anomalous…
Alex Morgan — Threat Intelligence Analyst Key TakeawaysThe LNX_DROPPER campaign leverages malicious ISO files to initiate infections.Our analysis identified the use of T1559 – Use of Native Tools to execute PowerShell commands for persistence.Indicators of…
Alex Morgan — Threat Intelligence Analyst Key TakeawaysThis analysis details a multi-step attack leveraging phishing emails to gain initial access.The malware employed in this attack showcased advanced persistence mechanisms through registry modifications.Command and control communication…
Alex Morgan — Threat Intelligence Analyst Key TakeawaysThe attack utilized exploit kits targeting RDP vulnerabilities for initial access.Persistence mechanisms included scheduled tasks and registry modifications.Beaconing behavior was established through customized domains ensuring robust C2 communications.Executive…
Alex Morgan — Threat Intelligence Analyst Key TakeawaysThe 'Noky' malware utilizes social engineering to gain initial access, typically through phishing emails leading to credential theft.Our analysis identified the use of T1059.001 – PowerShell for executing…