Microsoft Security Threat Intelligence is seeing more complex attacks in which the threat actor shows extensive knowledge and preparation, taking steps to gain the target's trust before deploying payloads. For example, Microsoft recently investigated an attack in which the threat actor, tracked as DEV-0139, used Telegram chat groups to approach and target cryptocurrency investment companies.
ADVERSARY: DEV-0139
MALWARE FAMILY: Wolfic
ATT&CK IDS: T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1041 - Exfiltration Over C2 Channel, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1106 - Native API, T1132 - Data Encoding, T1204 - User Execution, T1566 - Phishing, T1574 - Hijack Execution Flow, T1583 - Acquire Infrastructure, T1591 - Gather Victim Org Information, T1593 - Search Open Websites/Domains