Blog - Page 9 of 22

Emulating the Opportunistic and Lightweight Lumma Stealer

AttackIQ has released a new assessment template that addresses the numerous post-compromise Tactics, Techniques, and Procedures (TTPs) associated with the subscription-based information stealer known as Lumma Stealer.

Author: Francis Guibernau October 15, 2024 Read More

Adversary Emulation

Emulating the Surging Hadooken Malware

AttackIQ has released a new attack graph that emulates the behaviors exhibited by the Hadooken malware during intrusions that abused misconfigurations and critical Remote Code Execution (RCE) vulnerabilities on public-facing Oracle Weblogic Servers.

October 3, 2024 Read More

Adversary Emulation

Emulating the Petrifying Medusa Ransomware

AttackIQ has released a new attack graph that emulates the behaviors exhibited by Medusa ransomware since the beginning of its activities in June 2021. Medusa is predominantly propagated through the exploitation of vulnerable services, such as public-facing assets or applications with known unpatched vulnerabilities, and the hijacking of legitimate accounts, often using Initial Access Brokers (IABs) for infiltration.

September 19, 2024 Read More

Adversary Emulation

Emulating the Persistent and Stealthy Ebury Linux Malware

AttackIQ has released a new attack graph that seeks to emulate the Tactics, Techniques and Procedures (TTPs) associated with Ebury Linux malware. Despite previous arrests and actions against key perpetrators, Ebury continues to evolve, and its operations remain active.

September 12, 2024 Read More

Most Recent

Adversary Emulation

Response to Lazarus’ 3CX Supply Chain Compromise

AttackIQ has released a new attack graph that aims to emulate the activities linked to the recent supply chain attack against the software developed by the company 3CX. This new release aims to emulate the activities carried out during the initial stages of the system compromise and the hands-on keyboard activity led by Lazarus Group.

April 14, 2023 Read More

Adversary Emulation

Emulating Recent Malicious Activity from the Iranian Adversary OilRig

AttackIQ has released a new full-featured attack graph that emulates recent activity carried out by the politically motivated Iranian-sponsored adversary known as OilRig.

April 4, 2023 Read More

Adversary Emulation

Emulating the Politically Motivated Chinese APT Mustang Panda

AttackIQ has released two new attack graphs that emulate recent activities conducted by the Chinese adversary known as Mustang Panda. The actor leveraged a historical family of malware known as PlugX, which is shared between multiple groups of Chinese origin known, and a new previously unknown backdoor exclusive to this actor.

March 23, 2023 Read More

Adversary Emulation

Emulating the Infamous Modular Banking Trojan BokBot

AttackIQ has released two new attack graphs that emulate recent activities involving the banking trojan known as BokBot, which has been primarily focused on exfiltrating data and stealing credentials. This new release continues our focused research on emulating shared e-crime malware used in attacks by multiple adversaries.

March 23, 2023 Read More

Adversary Emulation

Attack Graph Response to CISA Advisory (AA23-075A): #StopRansomware: LockBit 3.0

AttackIQ has released a new fully featured attack graph that emulates the behaviors demonstrated by the latest version the LockBit ransomware family “LockBit 3.0”, also known as “LockBit Black.”

March 17, 2023 Read More

Adversary Emulation

Attack Graph Response to CISA Advisory (AA23-074A): Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server

AttackIQ has released a new attack graph that emulates the Tactics, Techniques, and Procedures (TTPs) used by a cybercriminal-focused adversary who carried successfully exploited CVE-2019-18935 against an instance of Telerik UI at a federal civilian executive branch (FCEB) agency.

March 17, 2023 Read More

TTPs

Hiding in Plain Sight: Monitoring and Testing for Living-Off-the-Land Binaries

For malicious actors, opportunity can be found in the mundane. As adversaries continue to refine their approach with newer and more sophisticated methods to perform malicious activity, it is critical for detection engineers to stay up to date in the latest threat intelligence and adversary behaviors to monitor.

March 16, 2023 Read More

Adversary Emulation

Attack Graph Response to CISA Advisory (AA23-061A): #StopRansomware: Royal Ransomware

AttackIQ has released a new fully featured attack graph that emulates the tactics, techniques, and procedures (TTPs) observed in cyberattacks involving Royal Ransomware.

March 3, 2023 Read More

Adversary Emulation

Emulating the Cybercriminal Initial Access Broker TA551

AttackIQ has released a new fully featured attack graph that emulates the tactics, techniques, and procedures (TTPs) associated with a 2020 intrusion from the cybercriminal group TA551.

March 3, 2023 Read More

Center for Threat-Informed Defense

A Year of Impact: AttackIQ’s Applied Research in Threat-Informed Defense

Reactive to Preactive. Atomic to Anatomic. Lists to Graphs. Simulation to Emulation. To be prepared for the next attack, defenders must adapt and shift their focus to a threat-informed defense, to think like the adversary, and to test their security programs in a realistic manner.

February 27, 2023 Read More

Adversary Emulation

Emulating the Always Persistent Cybercrime Malware Emotet

AttackIQ has released two new attack graphs emulating recent Emotet campaigns that resulted in data exfiltration and ransomware extortion. This release continues our focused research on shared e-crime malware used in attacks by multiple threat actors.

February 17, 2023 Read More

Adversary Emulation

Democratizing the Practice of Adversary Emulation

AttackIQ is democratiziing the practice of threat-informed defense and adversary emulation, including by funding research from the Center for Threat-Informed Defense on micro-emulation planning. Learn more out how we put adversary emulation into practice in the AttackIQ Security Optimization Platform.

February 14, 2023 Read More