PurpleFox Adds New Backdoor That Uses WebSockets

Trend Micro – In September 2021, the Trend Micro Managed XDR (MDR) team looked into suspicious activity related…

MirrorBlast, the New Phishing Campaign Targeting Financial Organizations

A new variant of a phishing campaign was recently detected. Nicknamed MirrorBlast, it targets finance enterprises. Its attack methods consist of malicious Excel documents…

TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates

The group – which also created BazarLoader and the Conti ransomware – has juiced its distribution tactics to threaten enterprises more than ever. The cybercriminals behind the infamous TrickBot trojan…

Explosive New MirrorBlast Campaign Targets Financial Companies

Key Points: Morphisec Labs tracked a new MirrorBlast campaign targeting financial services organizations. MirrorBlast is delivered via a phishing email that contains malicious links which download a weaponized Excel document…

PowerShell Obfuscation

Topics: AMSI | Layer 0 Obfuscation | Breaking Down a Reverse Shell | Stepping Into the Gauntlet | Invoke-PSObfuscation.ps1 | Wrapping Up | Resources. This blog post was originally published…

What’s New in ATT&CK v9?

By Jamie Williams (MITRE), Jen Burns (MITRE), Cat Self (MITRE), and Adam Pennington (MITRE), Apr 29. As we promised in the ATT&CK 2021 Roadmap, today…

Intel CET In Action

As part of our continuous update cycles for our Advanced Windows Exploitation (AWE) class, we examine each new security mitigation and ensure we understand how it works and how it…

Defining ATT&CK Data Sources, Part II: Operationalizing the Methodology

Jose Luis Rodriguez, Oct 20, 2020. In Part I of this two-part blog series, we reviewed the current state of the data sources and an initial approach…

Defining ATT&CK Data Sources, Part I: Enhancing the Current State

Jose Luis Rodriguez, Sep 10, 2020. Figure 1: Example of Mapping of Process Data Source to Event Logs. Discussion around ATT&CK often involves tactics, techniques, procedures, detections, and…

Actionable Detections: An Analysis of ATT&CK Evaluations Data Part 2 of 2

Jamie Williams, Jun 18, 2020. In part 1 of this blog series, we introduced how you can break down and understand detections by security products. When analyzing…