Threat analysis: Follina exploit fuels 'live-off-the-land' attacks

An analysis of three in-the-wild payloads delivered using the recently discovered Follina exploit shows how attackers can use it to achieve persistent access in victim environments and turbo-charge efforts to ‘live off the land’ and avoid detection by security monitoring tools.

MALWARE FAMILIES: Cobalt Strike, Mimikatz

ATT&CK IDS: T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1027 - Obfuscated Files or Information, T1003 - OS Credential Dumping, T1559 - Inter-Process Communication, T1566 - Phishing, T1210 - Exploitation of Remote Services, T1078 - Valid Accounts
