An analysis of three in-the-wild payloads delivered using the recently discovered Follina exploit shows how attackers can use it to achieve persistent access in victim environments and turbo-charge efforts to ‘live off the land’ and avoid detection by security monitoring tools.
REFERENCE: https://blog.reversinglabs.com/blog/threat-analysis-follina-exploit-powers-live-off-the-land-attacks
MALWARE FAMILIES: Cobalt Strike, Mimikatz
ATT&CK IDS: T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1027 - Obfuscated Files or Information, T1003 - OS Credential Dumping, T1559 - Inter-Process Communication, T1566 - Phishing, T1210 - Exploitation of Remote Services, T1078 - Valid Accounts