Product
high
threat
Webworm APT Updates TTPs with Discord and Microsoft Graph C2
2 rules, 10 TTPs, 1 CVE, 1 IOC
The Webworm APT group is using updated tactics, techniques, and procedures, including new backdoors using Discord and Microsoft Graph API for command and control, custom proxy tools, and GitHub for malware staging, shifting focus to European governmental organizations.
Microsoft Graph API +4
Webworm
apt
discord
proxy tool
medium
threat
Flax Typhoon Masquerading SoftEther VPN as Legitimate Windows Binaries
2 rules, 2 TTPs
The Flax Typhoon group uses SoftEther VPN, masquerading the VPN client as legitimate Windows binaries like conhost.exe and dllhost.exe, to obfuscate their network activity within compromised Taiwanese organizations.
SoftEther VPN +3
Flax Typhoon
+1
flax-typhoon
defense-evasion
lateral-movement
vpn
process-masquerading