"/d 00000003 /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0" /v "1004" /t REG_DWORD /d 00000003 /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVer…"
T1204.002 Malicious File (86%)
"there is no telling when we might see something available. For now, we need to prepare ourselves by understanding this attack chain, monitoring for artifacts and incidents of compromise and keeping our ears to the ground for new information and threat intelligence. We've create…"
T1112 Modify Registry (81%)
"Settings\Zones\2" /v "1004" /t REG_DWORD /d 00000003 /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v "1001" /t REG_DWORD /d 00000003 /f reg add "HKEY_LOCAL_MACHINE\So…"
T1204.002 Malicious File (76%)
"opening the file and this invalidates Microsoft's workaround mitigation discussed below. For Office files, no traditional VBA macros are needed for this attack. Any URL beginning with mshtml:http will download a file passed to the MSHTML parser engine, and potentially any way…"
T1112 Modify Registry (41%)
"- exploit activity like the Cobalt Strike stager, other command and control behavior and/or ransomware detonation, then Huntress will catch it and provide assisted remediation steps. As always, Huntress will be monitoring the situation and keep this blog post as well as our SOC…"
T1204.002 Malicious File (40%)
"updated their advisory to stop preview mode in Windows Explorer and offer a Group Policy option. - Defender's detection of the exploit looks to use a hardcoded domain. This might prevent this specific threat actor and that specific campaign, but it doesn't fully detect the th…"
T1203 Exploitation for Client Execution (40%)
"there is no telling when we might see something available. For now, we need to prepare ourselves by understanding this attack chain, monitoring for artifacts and incidents of compromise and keeping our ears to the ground for new information and threat intelligence. We've create…"
Summary
Huntress is monitoring a new threat against Windows OS and Microsoft Office products (CVE-2021-40444). The MSHTML engine is vulnerable to arbitrary code execution.