
DUCKTAIL: Threat Operation Re-emerges with New LNK, PowerShell, and Other Custom Tactics to Avoid Detection

WithSecure has revealed the latest details of the DUCKTAIL malware operation, which was previously described by Deep Instinct Threat Lab as a “strategic threat” that was being tested to avoid detection.


REFERENCES:
https://www.deepinstinct.com/blog/ducktail-threat-operation-re-emerges-with-new-lnk-powershell-and-other-custom-tactics-to-avoid-detection
https://github.com/deepinstinct/DuckTail_IOCs/blob/main/Archives.txt
https://github.com/deepinstinct/DuckTail_IOCs/blob/main/LNK.txt
https://github.com/deepinstinct/DuckTail_IOCs/blob/main/URLs.txt



MALWARE FAMILIES: DUCKTAIL, doenerium, Vidar


ATT&CK IDS:
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1027 - Obfuscated Files or Information
T1057 - Process Discovery
T1083 - File and Directory Discovery
T1102 - Web Service
T1176 - Browser Extensions
T1204 - User Execution
T1547 - Boot or Logon Autostart Execution
T1553 - Subvert Trust Controls
T1566 - Phishing
T1567 - Exfiltration Over Web Service
T1587 - Develop Capabilities
T1588 - Obtain Capabilities

