“abusing social engineering, MFA fatigue, token theft, and adversary-in-the-middle phishing to bypass authentication controls. After gaining identity access, the threat actors leverage legitimate credentials with IAM misuse and configuration abuse to move laterally across sa…”
T1078.004 Cloud Accounts (60%)
“level summary of how Scenario 1 (Demeter) unfolds, highlighting the core execution flow, infrastructure interactions, and progression of the attack chain from initial access through cleanup. For a detailed, step-by-step breakdown of the scenario that includes emulation cont…”
T1204.002 Malicious File (57%)
“email that delivers a malicious document, leading the victim to download a password-protected archive and execute a malicious LNK file that side-loads the Orpheus loader. The loader performs anti-analysis checks, injects into a trusted process, loads shellcode in memory, an…”
T1078.004 Cloud Accounts (49%)
“steps, protection across all evaluated attack opportunities, and cloud layer coverage, including both detection and protection. MITRE Scenario 1 (Demeter). In this emulation, cloud (AWS) scenarios highlighted how attackers can pivot from an endpoint into the cloud where the in…”
T1566.002 Spearphishing Link (48%)
“information. The group’s operations have affected telecommunications and business process outsourcing (BPO) providers. The group has also compromised tech SaaS and identity platforms to obtain privileged access into enterprise environments, alongside notable intrusions in hos…”
T1053.005 Scheduled Task (40%)
“email that delivers a malicious document, leading the victim to download a password-protected archive and execute a malicious LNK file that side-loads the Orpheus loader. The loader performs anti-analysis checks, injects into a trusted process, loads shellcode in memory, an…”
T1219 Remote Access Tools (31%)
“email that delivers a malicious document, leading the victim to download a password-protected archive and execute a malicious LNK file that side-loads the Orpheus loader. The loader performs anti-analysis checks, injects into a trusted process, loads shellcode in memory, an…”
T1530 Data from Cloud Storage (30%)
“steps, protection across all evaluated attack opportunities, and cloud layer coverage, including both detection and protection. MITRE Scenario 1 (Demeter). In this emulation, cloud (AWS) scenarios highlighted how attackers can pivot from an endpoint into the cloud where the in…”
Summary
This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from TrendAI™ Research monitoring and TrendAI Vision One™ intelligence. These findings support the performance of TrendAI™ in the 2025 MITRE ATT&CK Evaluations.