īased on our earlier observation, the TONEINS and TONESHELL malware were downloaded from the Google Drive link embedded in the body of an email. We believe that the threat actors are employing these new techniques to avoid detection. Starting in October and November 2022, we observed that the threat actors began changing their TTPs to deploy the TONEINS, TONESHELL, and PUBLOAD malware. We previously summarized the arrival vectors used by Earth Preta by categorizing them into three types (DLL sideloading, shortcut links, and fake file extensions). In the following sections, we focus on the updated arrival vectors and their succeeding stages. However, we observed that some of TTPs have been changed. ![]() ![]() In our previous research, we covered most of the new TTPs and malware during the first stage, arrival vectors. We categorize the different TTPs into six stages: arrival vectors, discovery, privilege escalation, lateral movement, command and control (C&C) and exfiltration, respectively.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |