Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits

Microsoft reported on July 27, 2022 that a European private-sector offensive actor (PSOA), which it tracks as KNOTWEED, developed malware used in a series of targeted attacks against Microsoft customers in Europe and Central America.


MALWARE FAMILIES: Corelump, Jumplump, Subzero

ATT&CK IDS: T1566 - Phishing, T1068 - Exploitation for Privilege Escalation, T1546 - Event Triggered Execution, T1140 - Deobfuscate/Decode Files or Information, T1550 - Use Alternate Authentication Material, T1518 - Software Discovery, T1547 - Boot or Logon Autostart Execution, T1027 - Obfuscated Files or Information, T1560 - Archive Collected Data, T1059 - Command and Scripting Interpreter, T1553 - Subvert Trust Controls

