Common Information

Type | Value |
---|---|
Value | Impair Defenses - T1562 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may maliciously modify components of a victim environment in order to hinder or disable defensive mechanisms. This not only involves impairing preventative defenses, such as firewalls and anti-virus, but also detection capabilities that defenders can use to audit activity and identify malicious behavior. This may also span both native defenses as well as supplemental capabilities installed by users and administrators. Adversaries may also impair routine operations that contribute to defensive hygiene, such as blocking users from logging out of a computer or stopping it from being shut down. These restrictions can further enable malicious operations as well as the continued propagation of incidents.(Citation: Emotet shutdown) Adversaries could also target event aggregation and analysis mechanisms, or otherwise disrupt these procedures by altering other system components. |
Details | Published | Attributes | CTI | Title | | |
---|---|---|---|---|---|---|
Details | Website | 2024-10-10 | 36 | Technical Analysis of DarkVision RAT | | |
Details | Website | 2024-10-10 | 9 | BPFDoor Linux Malware Detection Using AhnLab EDR - ASEC | | |
Details | Website | 2024-10-09 | 9 | BPFDoor Linux Malware Detected by AhnLab EDR - ASEC | | |
Details | Website | 2024-10-04 | 32 | LemonDuck Unleashes Cryptomining Attacks Through SMB Service Exploits | | |
Details | Website | 2024-10-04 | 100 | SIEM agent is being used in SilentCryptoMiner attacks | | |
Details | Website | 2024-10-04 | 100 | SIEM agent being used in SilentCryptoMiner attacks | | |
Details | Website | 2024-10-02 | 3 | Stopping Attacks Early: The Power of Endpoint Telemetry in Cybersecurity | | |
Details | Website | 2024-10-02 | 0 | The 2024 Elastic Global Threat Report: Forecasts and recommendations | | |
Details | Website | 2024-10-01 | 61 | GitHub Scanner - Lumma Stealer Threat Intel | | |
Details | Website | 2024-09-23 | 45 | Threat Intelligence Report 17th September – 23rd September 2024 | | |
Details | Website | 2024-09-20 | 29 | How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections | | |
Details | Website | 2024-09-19 | 142 | Black Basta Ransomware: What You Need to Know \| Qualys Security Blog | | |
Details | Website | 2024-09-12 | 71 | Crystal Rans0m: Emerging hybrid ransomware with stealer capabilities | | |
Details | Website | 2024-09-05 | 39 | BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar | | |
Details | Website | 2024-09-05 | 73 | BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar | | |
Details | Website | 2024-09-03 | 46 | Most interesting IR cases in 2023: insider threats and more | | |
Details | Website | 2024-09-02 | 43 | Iranian State-Sponsored Hackers Have Become Access Brokers For Ransomware Gangs - Cyble | | |
Details | Website | 2024-08-30 | 97 | From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users | | |
Details | Website | 2024-08-30 | 24 | Emulating the Extortionist Mallox Ransomware | | |
Details | Website | 2024-08-29 | 269 | #StopRansomware: RansomHub Ransomware \| CISA | | |
Details | Website | 2024-08-28 | 62 | Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations \| CISA | | |
Details | Website | 2024-08-28 | 44 | BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks | | |
Details | Website | 2024-08-28 | 49 | Operation Oxidový: Sophisticated Malware Campaign Targets Czech Officials Using NATO-Themed Decoys - Blogs on Information Technology, Network & Cybersecurity \| Seqrite | | |
Details | Website | 2024-08-22 | 6 | Improvements to our SIEM in Q2 2024 | | |
Details | Website | 2024-08-01 | 59 | DNS Early Detection - Breaking the Black Basta Ransomware Kill Chain \| Infoblox | | |