Product
medium
advisory
Abuse of Microsoft ClickOnce Technology for Malware Deployment
3 rules 3 TTPsThreat actors are leveraging Microsoft's ClickOnce technology, designed for simplified application deployment, as an attractive vector to spread malware, allowing for easy distribution, minimal user interaction, and installation without elevated privileges on Windows systems.
ClickOnce
deployment
windows
malware-distribution
application-deployment
3r
3t
high
advisory
Threat Actors Weaponize ClickOnce Technology for Initial Access, Execution, and Persistence
3 rules 4 TTPsThreat actors are actively abusing Microsoft's ClickOnce technology, specifically targeting the `.application` and `.appref-ms` file types, to achieve stealthy initial access, execute malicious payloads within legitimate Microsoft processes like rundll32.exe and dfsvc.exe, and establish persistence through its built-in update mechanism, effectively bypassing traditional endpoint security controls.
ClickOnce
windows
persistence
defense-evasion
initial-access
execution
3r
4t