216.73.216.86

Wreaking havoc in cyberspace: threat actors experiment with pentest tools

· Published 08/10/2024 16:51 · Modified 09/10/2024 08:35

Export JSON

Essential information

Published
08/10/2024 16:51
Modified
09/10/2024 08:35
Tags
2024-10-08 cybersecurity evasion demon demon implant havoc havoc framework loader phishing post-exploitation
Related entities
11 techniques (mitre), 2 malware

Description

Recent research reveals adversaries increasingly using the framework to bypass cybersecurity systems. Two campaigns utilizing this framework were analyzed. The first campaign involved emails with malicious archives containing ISO files and LNK files, which downloaded and executed a disguised as OneDriveUpdater. The contained a from the . The second campaign used a email with a link to a webpage containing an encoded malicious payload, which also deployed a . Both campaigns aimed to evade detection by using lesser-known tools and frameworks. The research highlights the ongoing trend of adversaries seeking alternatives to traditional malware and exploiting emails as a primary attack vector.

External references