“called the Squiblydoo technique. The attacker also used Microsoft’s ODBC configuration utility (odbcconf.exe), a response file, and the regsvr action to silently install. Incident #2 — Abusing mshta.exe & powershell.exe. While at DattoCon 2018, our ThreatOps team hoste…”
T1204.002 Malicious File (88%)
“Attackers abuse trust with indirection. Preventive security products like antivirus have made major strides in their ability to detect malicious behaviors as opposed to weak/static signatures. When implemented properly, these heuristics are capable of discovering even the most c…”
T1218.008 Odbcconf (74%)
“users, this same attack strategy is underway against preventive endpoint products. After compromising a victim, it’s no longer enough to just run an .exe payload. Similar to the phishing example, early evasion techniques used by hackers simply obfuscated their .exe files with “…”
T1059.001 PowerShell (57%)
“called the Squiblydoo technique. The attacker also used Microsoft’s ODBC configuration utility (odbcconf.exe), a response file, and the regsvr action to silently install. Incident #2 — Abusing mshta.exe & powershell.exe. While at DattoCon 2018, our ThreatOps team hoste…”
T1053.005 Scheduled Task (41%)
“of malicious payloads, the Huntress endpoint agent searches for the persistent footholds that attackers use to maintain access to their victims. We’ve discovered this ignored indicator of compromise is an excellent way to uncover evasive threats and breaches. In the first incid…”
T1053.005 Scheduled Task (35%)
“called the Squiblydoo technique. The attacker also used Microsoft’s ODBC configuration utility (odbcconf.exe), a response file, and the regsvr action to silently install. Incident #2 — Abusing mshta.exe & powershell.exe. While at DattoCon 2018, our ThreatOps team hoste…”
T1219 Remote Access Tools (31%)
“of malicious payloads, the Huntress endpoint agent searches for the persistent footholds that attackers use to maintain access to their victims. We’ve discovered this ignored indicator of compromise is an excellent way to uncover evasive threats and breaches. In the first incid…”
Summary
Preventive security products like antivirus have made major strides in their ability to detect malicious behaviors as opposed to weak/static signatures. When implemented properly, these heuristics are capable of discovering even the most cleverly obfuscated routines. But don’t ring the victory bells yet. This cat-and-mouse game is just getting started…