ĪPT19 attempted to get users to launch malicious attachments delivered via spearphishing emails. ĪPT12 has attempted to get victims to open malicious Microsoft Word and PDF attachment sent via spearphishing. ĪPT-C-36 has prompted victims to accept macros in order to execute the subsequent payload. ĪppleSeed can achieve execution through users running malicious file attachments distributed via email.
ĪppleJeus has required user execution of a malicious MSI installer. Īoqin Dragon has lured victims into opening weaponized documents, fake external drives, and fake antivirus to execute malicious payloads. Īndariel has attempted to lure victims into enabling malicious macros within email attachments. Īgent Tesla has been executed through malicious e-mail attachments Ījax Security Team has lured victims into executing malicious files. Live Version Procedure Examples has attempted to get victims to launch malicious Microsoft Word attachments delivered via spearphishing emails. This activity may also be seen shortly after Internal Spearphishing. While Malicious File frequently occurs shortly after Initial Access it may occur at other phases of an intrusion, such as when an adversary places a file in a shared directory or on a user's desktop hoping that a user will click on it. These methods may include using a familiar naming convention and/or password protecting the file and supplying instructions to a user on how to open it. cpl.Īdversaries may employ various forms of Masquerading and Obfuscated Files or Information to increase the likelihood that a user will open and successfully execute a malicious file. Adversaries may use several types of files that require a user to execute them, including.
This user action will typically be observed as follow-on behavior from Spearphishing Attachment. Users may be subjected to social engineering to get them to open a file that will lead to code execution. An adversary may rely upon a user opening a malicious file in order to gain execution.
0 kommentar(er)
