WithSecure has published the latest details of the DUCKTAIL malware operation, which Deep Instinct Threat Lab had previously described as a "strategic threat" whose operators were testing new techniques to avoid detection.
REFERENCES:
https://www.deepinstinct.com/blog/ducktail-threat-operation-re-emerges-with-new-lnk-powershell-and-other-custom-tactics-to-avoid-detection
https://github.com/deepinstinct/DuckTail_IOCs/blob/main/Archives.txt
https://github.com/deepinstinct/DuckTail_IOCs/blob/main/LNK.txt
https://github.com/deepinstinct/DuckTail_IOCs/blob/main/URLs.txt
MALWARE FAMILIES: DUCKTAIL, doenerium, Vidar
ATT&CK IDS: T1012 - Query Registry, T1027 - Obfuscated Files or Information, T1057 - Process Discovery, T1083 - File and Directory Discovery, T1102 - Web Service, T1176 - Browser Extensions, T1204 - User Execution, T1547 - Boot or Logon Autostart Execution, T1566 - Phishing, T1567 - Exfiltration Over Web Service, T1553 - Subvert Trust Controls, T1588 - Obtain Capabilities, T1016 - System Network Configuration Discovery, T1587 - Develop Capabilities