Common Information
| Type | Value |
|---|---|
| Value |
Hijack Execution Flow - T1574 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may execute their own malicious payloads by hijacking the way operating systems run programs. Hijacking execution flow can be for the purposes of persistence, since this hijacked execution may reoccur over time. Adversaries may also use these mechanisms to elevate privileges or evade defenses, such as application control or other restrictions on execution. There are many ways an adversary may hijack the flow of execution, including by manipulating how the operating system locates programs to be executed. How the operating system locates libraries to be used by a program can also be intercepted. Locations where the operating system looks for programs/resources, such as file directories and in the case of Windows the Registry, could also be poisoned to include malicious payloads. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-11-16 | 27 | KQL KC7 — AzureCrest : Section 4 & 5 | ||
| Details | Website | 2024-11-14 | 72 | Weekly Intelligence Report - 15 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting | ||
| Details | Website | 2024-11-07 | 63 | Weekly Intelligence Report - 08 Nov 2024 | #ransomware | #cybercrime | National Cyber Security Consulting | ||
| Details | Website | 2024-11-07 | 66 | European diplomats targeted by APT29 (Cozy Bear) with WINELOADER | ||
| Details | Website | 2024-11-07 | 14 | AQUATIC PANDA in Possession of Log4Shell Exploit Tools | CrowdStrike | ||
| Details | Website | 2024-11-05 | 7 | Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare - CyberSRC | ||
| Details | Website | 2024-11-03 | 108 | 强网杯 2024 初赛 Writeup | CTF导航 | ||
| Details | Website | 2024-11-01 | 39 | Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc. | ||
| Details | Website | 2024-11-01 | 62 | Weekly Intelligence Report - 01 Nov 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | ||
| Details | Website | 2024-10-30 | 28 | Attacker Abuses Victim Resources to Reap Rewards from Titan Network | ||
| Details | Website | 2024-10-28 | 25 | Threat Intelligence Report October 22 - October 28 2024 | Red Piranha | ||
| Details | Website | 2024-10-23 | 44 | Highlighting TA866/Asylum Ambuscade Activity Since 2021 | ||
| Details | Website | 2024-10-22 | 22 | Threat Intelligence Report October 15 - October 21 2024 | Red Piranha | ||
| Details | Website | 2024-10-18 | 44 | Weekly Intelligence Report - 18 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting | ||
| Details | Website | 2024-10-17 | 100 | Flying in the clouds: APT31 renews its attacks on Russian companies through cloud storage | ||
| Details | Website | 2024-10-17 | 75 | APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere | ||
| Details | Website | 2024-10-15 | 17 | Emulating the Opportunistic and Lightweight Lumma Stealer | ||
| Details | Website | 2024-10-14 | 0 | Researchers Uncover Widespread Vulnerability in Open-Source Package Ecosystems | ||
| Details | Website | 2024-10-14 | 21 | Threat Intelligence Report 8th October – 14th October | ||
| Details | Website | 2024-10-11 | 71 | Weekly Intelligence Report - 11 Oct 2024 | #ransomware | #cybercrime | National Cyber Security Consulting | ||
| Details | Website | 2024-10-08 | 0 | Securing the Future of GameFi: Challenges and Best Practices | ||
| Details | Website | 2024-10-07 | 67 | Threat Intelligence Report October 1 - October 7 2024 | Red Piranha | ||
| Details | Website | 2024-10-04 | 34 | VILSA STEALER - CYFIRMA | ||
| Details | Website | 2024-10-02 | 57 | Separating the bee from the panda: CeranaKeeper making a beeline for Thailand | ||
| Details | Website | 2024-09-30 | 11 | AhnLab EDR을 활용한 리눅스 지속성 유지 기법 탐지 (1) - ASEC |