3/30/2023 0 Comments Folder2iso download![]() As we like to map to MITRE ATT&CK, this technique most closely resembles T1553.005 - Subvert Trust Controls: Mark-of-the-Web Bypass. Packaging a payload in an ISO image file is interesting because when downloaded from the internet, it will bypass the Mark-of-the-Web security controls. T1071 - Application Layer Protocol: HTTPS heartbeat of 62 seconds and jitter of 39% ![]() T1204.002 - User Execution: Malicious File (Windows Explorer Shortcut) T1218.011 - Signed Binary Proxy Execution: Rundll32 T1553.005 - Subvert Trust Controls: Mark-of-the-Web Bypass (ISO Image) T1566.002 - Phishing: Spearphishing Link (Link downloads ISO image) T1566.003 - Phishing: Spearphishing via Service (Constant Contact) ![]() T1584.006 - Compromise Infrastructure: Web Services (compromised the Constant Contact account of USAID) NOBELIUM, the Russian threat actor behind SolarWinds compromised Constant Contact to send malicious emails with a weaponized ISO file
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |