Wreaking havoc in cyberspace: threat actors experiment with pentest tools
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Recent research reveals adversaries increasingly using the Havoc post-exploitation framework to bypass cybersecurity systems. Two campaigns utilizing this framework were analyzed. The first campaign involved phishing emails with malicious archives containing ISO files and LNK files, which downloaded and executed a loader disguised as OneDriveUpdater. The loader contained a Demon implant from the Havoc framework. The second campaign used a phishing email with a link to a webpage containing an encoded malicious payload, which also deployed a Demon implant. Both campaigns aimed to evade detection by using lesser-known tools and frameworks. The research highlights the ongoing trend of adversaries seeking alternatives to traditional malware and exploiting phishing emails as a primary attack vector.
OPENCTI LABELS :
phishing,loader,havoc,cybersecurity evasion,demon,havoc framework,demon implant,post-exploitation
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Wreaking havoc in cyberspace: threat actors experiment with pentest tools