top of page
Search

Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits

A European private-sector offensive actor (PSOA) has developed malware used in a series of targeted attacks against Microsoft customers in Europe and Central American countries from July 27, 2022, Microsoft has said.




ADVERSARY: KNOTWEED



MALWARE FAMILIES: Corelump, Jumplump, Subzero, PSOA


ATT&CK IDS: T1566 - Phishing, T1068 - Exploitation for Privilege Escalation, T1546 - Event Triggered Execution, T1140 - Deobfuscate/Decode Files or Information, T1550 - Use Alternate Authentication Material, T1518 - Software Discovery, T1547 - Boot or Logon Autostart Execution, T1027 - Obfuscated Files or Information, T1560 - Archive Collected Data, T1059 - Command and Scripting Interpreter, T1553 - Subvert Trust Controls


Read More:

0 views
bottom of page