TTPwire Vol. 1 · MITRE ATT&CK · Tagged


Infosecurity Magazine

Fake SSA Emails Drive Venomous#Helper Phishing Campaign

21 hours ago

ATT&CK techniques detected

7 predictions
T1566.002 Spearphishing Link (95%)
“Fake SSA Emails Drive Venomous#Helper Phishing Campaign. A long-running phishing operation that abuses signed remote monitoring and management (RMM) software to plant silent, persistent backdoors on victim machines has compromised more than 80 organizations, predominantly in…”

T1219 Remote Access Tools (77%)
“Securonix found the link directed victims to a compromised Mexican business site, gruta[.]com.mx, which served an SSA-branded harvesting page before redirecting to a payload hosted on a separate compromised cPanel account. The researchers said the use of established .com.m…”

T1219 Remote Access Tools (68%)
“…software, the only thing that catches it is the behavior it leaves behind.” Defenders were urged to deploy high-fidelity endpoint telemetry systems, maintain approved-tool inventories and hunt for anomalous process lineage from signed RMM binaries.”

T1566.002 Spearphishing Link (60%)
“Securonix found the link directed victims to a compromised Mexican business site, gruta[.]com.mx, which served an SSA-branded harvesting page before redirecting to a payload hosted on a separate compromised cPanel account. The researchers said the use of established .com.m…”

T1667 Email Bombing (47%)
“Fake SSA Emails Drive Venomous#Helper Phishing Campaign. A long-running phishing operation that abuses signed remote monitoring and management (RMM) software to plant silent, persistent backdoors on victim machines has compromised more than 80 organizations, predominantly in…”

T1047 Windows Management Instrumentation (32%)
“…RAT process and restarted it automatically if killed. The SimpleHelp build deployed was a cracked 2017 package whose certificate expired in 2018, indicating the operators incurred no licensing cost or vendor paper trail. In a one-hour observation, Securonix recorded 986 process…”

T1204.002 Malicious File (32%)
“…RAT process and restarted it automatically if killed. The SimpleHelp build deployed was a cracked 2017 package whose certificate expired in 2018, indicating the operators incurred no licensing cost or vendor paper trail. In a one-hour observation, Securonix recorded 986 process…”

Summary

Venomous#Helper attackers impersonate the US Social Security Administration to deploy signed RMM software and maintain persistent access across US networks.