According to Microsoft, a European private-sector offensive actor (PSOA) has developed malware used in a series of targeted attacks against Microsoft customers in Europe and Central American countries from July 27, 2022.
ADVERSARY: KNOTWEED
INDUSTRIES: Banks, Financial, Energy, Retail, Technology
MALWARE FAMILIES: Corelump, Jumplump, Subzero, PSOA
ATT&CK IDS: T1566 - Phishing, T1068 - Exploitation for Privilege Escalation, T1546 - Event Triggered Execution, T1140 - Deobfuscate/Decode Files or Information, T1550 - Use Alternate Authentication Material, T1518 - Software Discovery, T1547 - Boot or Logon Autostart Execution, T1027 - Obfuscated Files or Information, T1560 - Archive Collected Data, T1059 - Command and Scripting Interpreter, T1553 - Subvert Trust Controls