TTPwire Vol. 1 · MITRE ATT&CK·Tagged


ESET WeLiveSecurity

Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan

2026-01-28 · Read original ↗

ATT&CK techniques detected

12 predictions
T1059.001 PowerShell
98%
“compromised machine’s username and computer name to: https://hitpak[.]org/page.php?tynor=<computername>sss<username>. If the DLL fails to retrieve either the username or computer name, it substitutes them with default placeholders – unusr probably for unknown…”
T1556.006 Multi-Factor Authentication
74%
“logged in, victims are presented with a selection of 14 female profiles, each featuring a photo, name, and age. All profiles are marked as locked, and tapping on one of them prompts the victim to enter an unlock code, as seen in Figure 5. These codes are also hardcoded and not va…”
T1566.002 Spearphishing Link
68%
“the victim’s machine without triggering visible alerts, leveraging PowerShell’s flexibility and stealth capabilities. At the time of analysis, the C&C server did not respond with any PowerShell payloads, suggesting either a dormant stage of the campaign or that the server w…”
T1566.002 Spearphishing Link
65%
“…3 China-aligned APT group GREF used BadBazaar Android malware to secretly autolink victims’ Signal accounts to the attacker’s device, which allowed the threat actor to spy on their victims’ Signal communications. After scanning the QR code presented by the fake Ministry o…”
T1020 Automated Exfiltration
63%
“runs in the background and silently monitors device activity and exfiltrates sensitive data to a C&C server; see Figure 7. Beyond initial exfiltration, GhostChat engages in active espionage: it sets up a content observer to monitor newly created images and uploads them as the…”
T1564.003 Hidden Window
63%
“compromised machine’s username and computer name to: https://hitpak[.]org/page.php?tynor=<computername>sss<username>. If the DLL fails to retrieve either the username or computer name, it substitutes them with default placeholders – unusr probably for unknown…”
T1048 Exfiltration Over Alternative Protocol
58%
“runs in the background and silently monitors device activity and exfiltrates sensitive data to a C&C server; see Figure 7. Beyond initial exfiltration, GhostChat engages in active espionage: it sets up a content observer to monitor newly created images and uploads them as the…”
T1204.002 Malicious File
53%
“were designed to download and execute a DLL payload from the URL https://hitpak.org/notepad2[.]dll. At the time of analysis, the DLL was no longer available on the server, but the intent was clearly to deliver and run malicious code on the victim’s machine. Below is a…”
T1204.002 Malicious File
53%
“technique that tricks users into manually executing malicious code on their devices by following seemingly legitimate instructions. ClickFix relies on user interaction – often through deceptive websites or fake alerts – to guide victims into downloading and running malicious scri…”
T1204.004 Malicious Copy and Paste
52%
“technique that tricks users into manually executing malicious code on their devices by following seemingly legitimate instructions. ClickFix relies on user interaction – often through deceptive websites or fake alerts – to guide victims into downloading and running malicious scri…”
T1566.002 Spearphishing Link
38%
“…exfiltrates sensitive data and actively monitors the device for new content, confirming its role as a mobile surveillance tool. The campaign is also connected to broader infrastructure involving ClickFix-based malware delivery and WhatsApp account hijacking techniques. These operat…”
T1204.001 Malicious Link
33%
“technique that tricks users into manually executing malicious code on their devices by following seemingly legitimate instructions. ClickFix relies on user interaction – often through deceptive websites or fake alerts – to guide victims into downloading and running malicious scri…”
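The beacon format quoted under T1059.001 and T1564.003 (computer name and username joined by the literal sss in the tynor query parameter, with unusr substituted when the username cannot be read) and the notepad2 DLL fetch quoted under T1204.002 are specific enough to hunt for in web proxy logs. The Python below is an added example written for this page; it is not code from ESET, TTPwire or the campaign itself. The log lines are constructed, their field layout is a hypothetical proxy format, and splitting on the first sss is an assumption, since the report does not say how a computer name that itself contains that substring would be encoded.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample web-proxy log lines for this example (not from the ESET report).
# Hypothetical format: timestamp client_ip method url status
SAMPLE_LOG = """\
2026-01-20T09:14:02Z 10.1.4.22 GET https://hitpak.org/page.php?tynor=DESKTOP-7H2Q1sssjdoe 200
2026-01-20T09:14:05Z 10.1.4.22 GET https://cdn.example.com/jquery.min.js 200
2026-01-20T09:21:47Z 10.1.4.31 GET https://hitpak.org/page.php?tynor=WS-FINANCE03sssunusr 200
2026-01-20T09:30:11Z 10.1.4.31 GET https://hitpak.org/notepad2.dll 404
2026-01-20T09:31:00Z 10.1.4.40 GET https://hitpak.org/page.php?tynor=missingseparator 200
"""

BEACON_HOST = "hitpak.org"       # written hitpak[.]org (defanged) in the report
BEACON_PATH = "/page.php"        # check-in endpoint carrying the tynor parameter
PAYLOAD_PATH = "/notepad2.dll"   # second-stage DLL the PowerShell stager tried to fetch
SEPARATOR = "sss"                # literal joining <computername> and <username>
UNKNOWN_USER = "unusr"           # placeholder the DLL sends when it cannot read the username


def parse_beacon(url):
    """Return (computername, username) for a tynor= beacon to the C&C host, else None."""
    parts = urlsplit(url)
    if parts.hostname != BEACON_HOST or parts.path != BEACON_PATH:
        return None
    values = parse_qs(parts.query).get("tynor")
    if not values:
        return None
    # Assumption: split on the first "sss". The report gives the layout but not the
    # behaviour when the computer name itself contains that substring.
    computername, sep, username = values[0].partition(SEPARATOR)
    if not sep or not computername or not username:
        return None
    return computername, username


def is_payload_fetch(url):
    """True for a request for the notepad2.dll second stage on the C&C host."""
    parts = urlsplit(url)
    return parts.hostname == BEACON_HOST and parts.path == PAYLOAD_PATH


def scan_log(text):
    """Scan proxy log lines; return (beacon hits, payload-fetch attempts) in log order."""
    beacons, fetches = [], []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        ts, src, _method, url, status = fields[:5]
        parsed = parse_beacon(url)
        if parsed is not None:
            computername, username = parsed
            beacons.append({
                "ts": ts,
                "src": src,
                "computername": computername,
                "username": username,
                "username_unknown": username == UNKNOWN_USER,
            })
        elif is_payload_fetch(url):
            # A 404 matches ESET's note that the DLL was no longer served at analysis
            # time; the attempt itself is the indicator, whatever the status code.
            fetches.append({"ts": ts, "src": src, "status": status})
    return beacons, fetches


if __name__ == "__main__":
    found_beacons, found_fetches = scan_log(SAMPLE_LOG)
    for hit in found_beacons:
        print("beacon:", hit)
    for hit in found_fetches:
        print("payload fetch:", hit)
```

Matching on host plus path plus the sss-delimited parameter, rather than on the domain alone, keeps the detection useful if the same beacon format reappears on new infrastructure: swap BEACON_HOST for a list of hosts, or drop the host check and alert on any page.php request whose tynor value splits cleanly on sss.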

Summary

ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation