Product
high
threat
Fox Tempest Malware-Signing-as-a-Service Disrupted
2 rules 2 TTPs 1 IOC
Microsoft disrupted a malware-signing-as-a-service (MSaaS) operation run by Fox Tempest that abused the Azure Artifact Signing service to generate fraudulent code-signing certificates, enabling malware to bypass security controls.
Azure Artifact Signing +4
Fox Tempest
code-signing
malware-signing
supply-chain
azure
medium
advisory
Potential Masquerading as Communication Apps
2 rules 3 TTPs
Attackers may attempt to evade defenses by masquerading malicious processes as legitimate communication applications such as Slack, WebEx, Teams, Discord, RocketChat, Mattermost, WhatsApp, Zoom, Outlook and Thunderbird.
Slack +9
defense-evasion
masquerading
windows
medium
advisory
Masquerading Business Application Installers
2 rules 4 TTPs
Attackers masquerade malicious executables as legitimate business application installers to trick users into downloading and executing malware, leveraging defense evasion and initial access techniques.
Elastic Defend +22
masquerading
defense-evasion
initial-access
malware
windows