Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
11 résultats taggé TTP  ✕
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader https://blog.talosintelligence.com/lilacsquid/
30/05/2024 14:52:52
QRCode
archive.org
thumbnail

Multiple TTPs utilized in this campaign bear some overlap with North Korean APT groups.

talosintelligence EN 2024 TTP LilacSquid research
Midnight Blizzard: Guidance for responders on nation-state attack https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/
26/01/2024 14:03:29
QRCode
archive.org
thumbnail

The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. The Microsoft Threat Intelligence investigation identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as NOBELIUM.

microsoft 2024 EN Midnight MidnightBlizzard guide attack TTP
Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains https://unit42.paloaltonetworks.com/detecting-malicious-stockpiled-domains/
19/12/2023 14:52:21
QRCode
archive.org
thumbnail

Using machine learning to target stockpiled malicious domains, the results of our detection pipeline tool highlight campaigns from phishing to scams.

unit42 EN 2023 TTP technique stockpiled DNS Malicious Early-Detection
Negotiating with LockBit: Uncovering the Evolution of Operations and Newly Established Rules https://analyst1.com/blog-negotiating-with-lockbit-uncovering-the-evolution-of-operations-and-newly-established-rules/
17/11/2023 14:55:57
QRCode
archive.org

What defines success for ransomware actors during an attack? Breaching a victim’s network, exfiltrating valuable data, and encrypting systems are crucial components. However, the ultimate measurement of success is the actor’s ability to extort a ransom payment, which determines if they achieve their financial goals. Navigating the ransom negotiation phase, whether conducted by the victims themselves or designated recovery firms, demands a high level of expertise and a deep understanding of the attackers involved. This includes studying of the threat actor’s profile, tactics, and evolving strategies. In this complex landscape, there is no one-size-fits-all playbook for successfully managing the negotiation phase, as each ransomware group exhibits distinct behaviors and adopts new tactics shaped by many factors.

analyst1 EN 2023 LockBit threat-actor TTP ransomware group
Not so lucky: BlackCat is back! https://research.nccgroup.com/2023/10/31/unveiling-the-dark-side-a-deep-dive-into-active-ransomware-families/
06/11/2023 18:35:02
QRCode
archive.org
thumbnail

While the main trend in the cyber threat landscape in recent months has been MoveIt and Cl0p, NCC Groups’ Cyber Incident Response Team have also been handling multiple different ransomware groups over the same period.

In the ever-evolving cybersecurity landscape, one consistent trend witnessed in recent years is the unsettling rise in ransomware attacks. These nefarious acts of digital extortion have left countless victims scrambling to safeguard their data, resources, and even their livelihoods. To counter this threat, every person in the cyber security theatre has a responsibility to shine light on current threat actor Tactics, Techniques and Procedures (TTP’S) to assist in improving defences and the overall threat landscape.

nccgroup EN 2023 TTP BlackCat D0nut Medusa NoEscape
Microsoft profiles new threat group with unusual but effective practices https://arstechnica.com/security/2023/10/microsoft-profiles-new-threat-group-with-unusual-but-effective-practices/
02/11/2023 11:26:09
QRCode
archive.org
thumbnail

Octo Tempest employs tactics that many of its targets aren't prepared for.

arstechnica Microsoft EN 2023 OctoTempest practices Tactics TTP
Clop Ransomware: History, Timeline, And Adversary Simulation https://fourcore.io/blogs/clop-ransomware-history-adversary-simulation
05/07/2023 10:30:44
QRCode
archive.org
thumbnail

The infamous Clop ransomware, mainly known as Cl0p, targets various industries and organizations, extorting data for a huge amount of ransom. It advances actively with new emerging campaigns. This blog walks through the Clop timeline, Mitre TTPs and their emulation.

fourcore EN 2023 Cl0p History Timeline TTP ransomware analysis
Bypassing Qakbot Anti-Analysis https://lab52.io/blog/bypassing-qakbot-anti-analysis-tactics/
27/03/2023 07:31:49
QRCode
archive.org

QakBot is a banking trojan that has been evolving since its first version was discovered in 2008. According to the 2022 report published by CISA, it was one of the most active variants in 2021, and during 2022 and so far in 2023 it has remained quite active. Taking a brief look at the latests news of QakBot it has been updating its tactics constantly, for example, using a Windows zero-day to avoid displaying the MoTW or the most recent one, using OneNote files to drop QakBot.

In this case we are particularly interested in the anti-analysis techniques used by QakBot during the early stages of its execution. These techniques can make malware analysis harder if they are not known, so learning to identify and bypass them is essential to get to see the malware’s operation at its full potential. Furthermore, there are techniques that can replicate / adopt different types of malware, so knowking them opens the door to the study of different samples.

lab52 EN 2023 Qakbot analysis anti-analysis techniques TTP
A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion – NCC Group Research https://research.nccgroup.com/2022/09/30/a-glimpse-into-the-shadowy-realm-of-a-chinese-apt-detailed-analysis-of-a-shadowpad-intrusion/
03/10/2022 21:21:19
QRCode
archive.org
thumbnail

This post explores some of the TTPs employed by a threat actor who was observed deploying ShadowPad during an incident response engagement.

nccgroup EN 2022 TTP research ShadowPad CVE-2022-29464 secur32.dll
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs https://securelist.com/modern-ransomware-groups-ttps/106824/
27/06/2022 09:19:46
QRCode
archive.org
thumbnail

We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks.

securelist EN 2022 TTP Cybercrime Malware-Technologies Ransomware Targeted-attacks TTPs deployment Tactics Techniques Procedures
OverWatch Insights: Reviewing a New Intrusion Targeting Mac Systems https://www.crowdstrike.com/blog/overwatch-insights-reviewing-a-new-intrusion-targeting-mac-systems/
28/04/2022 14:07:04
QRCode
archive.org
thumbnail

While Mac enterprise networks are not as common as Windows, and subject to less targeting by adversaries, recent CrowdStrike Falcon Overwatch observations shed light on sophisticated tactics, techniques and procedures (TTPs) targeting Mac environments.

crowdstrike 2018 EN Mac macos tactics TTP Intrusion
4252 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio