From South America to Southeast Asia: The Fragile Web of REF7707

SUMMARY :

While the REF7707 campaign is characterized by a well-engineered, highly capable, novel intrusion set, the campaign owners exhibited poor campaign management and inconsistent evasion practices.

OPENCTI LABELS :

powershell,linux,windows,siestagraph,persistence,certutil,scheduled task,finaldraft,ref7707,guidloader,pathloader,southeast asia,typo squatting,lolbas,lolbin,remote admin


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


From South America to Southeast Asia: The Fragile Web of REF7707