Common Information
Type | Value |
---|---|
Value | Hijack Execution Flow - T1574 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may execute their own malicious payloads by hijacking the way operating systems run programs. Hijacking execution flow can be for the purposes of persistence, since this hijacked execution may reoccur over time. Adversaries may also use these mechanisms to elevate privileges or evade defenses, such as application control or other restrictions on execution. There are many ways an adversary may hijack the flow of execution, including by manipulating how the operating system locates programs to be executed. How the operating system locates libraries to be used by a program can also be intercepted. Locations where the operating system looks for programs/resources, such as file directories and in the case of Windows the Registry, could also be poisoned to include malicious payloads. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-09-29 | 11 | Linux Persistence Techniques Detected by AhnLab EDR (1) - ASEC | ||
Details | Website | 2024-09-12 | 13 | Emulating the Persistent and Stealthy Ebury Linux Malware | ||
Details | Website | 2024-09-12 | 41 | From Automation to Exploitation: The Growing Misuse of Selenium Grid for Cryptomining and Proxyjacking | ||
Details | Website | 2024-09-09 | 0 | Know your Adversary’s next move with TIE | ||
Details | Website | 2024-09-09 | 41 | Earth Preta Evolves its Attacks with New Malware and Strategies | ||
Details | Website | 2024-09-05 | 29 | LummaC2 Malware and Malicious Chrome Extension Delivered via DLL… | ||
Details | Website | 2024-09-04 | 71 | AZORult Malware: Technical Analysis - ANY.RUN's Cybersecurity Blog | ||
Details | Website | 2024-09-03 | 46 | Most interesting IR cases in 2023: insider threats and more | ||
Details | Website | 2024-08-30 | 97 | From Cobalt Strike to Mimikatz: A Deep Dive into the SLOW#TEMPEST Campaign Targeting Chinese Users | ||
Details | Website | 2024-08-29 | 34 | DNS Early Detection - Malicious Trojan Installers for WINSCP and PUTTY - Breaking the Kill Chain | Infoblox | ||
Details | Website | 2024-08-01 | 47 | BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor — Elastic Security Labs | ||
Details | Website | 2024-07-25 | 59 | How APT groups operate in Southeast Asia | ||
Details | Website | 2024-07-18 | 26 | HotPage: Story of a signed, vulnerable, ad-injecting driver | ||
Details | Website | 2024-07-15 | 88 | DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1 | ||
Details | Website | 2024-06-10 | 86 | Technical Analysis of the Latest Variant of ValleyRAT | ||
Details | Website | 2024-06-04 | 43 | UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine's Ministry Of Defence - Cyble | ||
Details | Website | 2024-05-16 | 23 | Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024 | ||
Details | Website | 2024-05-15 | 45 | To the Moon and back(doors): Lunar landing in diplomatic missions | ||
Details | Website | 2024-04-17 | 90 | Malvertising campaign targeting IT teams with MadMxShell | ||
Details | Website | 2024-04-11 | 24 | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear | ||
Details | Website | 2024-03-27 | 65 | European diplomats targeted by SPIKEDWINE with WINELOADER | ||
Details | Website | 2024-03-22 | 35 | Unveiling KamiKakaBot - Malware Analysis - Nextron Systems | ||
Details | Website | 2024-03-18 | 96 | Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | ||