Stormsec

Threat analysis: Follina exploit fuels 'live-off-the-land' attacks

An analysis of three in-the-wild payloads delivered using the recently discovered Follina exploit shows how attackers can use it to achieve persistent access in victim environments and turbo-charge efforts to ‘live off the land’ and avoid detection by security monitoring tools.




MALWARE FAMILIES: Cobalt Strike, Mimikatz


ATT&CK IDS: T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1027 - Obfuscated Files or Information, T1003 - OS Credential Dumping, T1559 - Inter-Process Communication, T1566 - Phishing, T1210 - Exploitation of Remote Services, T1078 - Valid Accounts

