
Bloody Wolf NetSupport RAT Campaign
The Bloody Wolf threat actor is conducting a spear-phishing campaign targeting organizations in Uzbekistan and Russia. The campaign utilizes malicious PDF attachments in phishing emails to deliver the NetSupport RAT (Remote Access Trojan). This campaign has impacted various sectors, including manufacturing, finance, IT, government, logistics, medical facilities, and educational institutions. The threat actor's motives are believed to be primarily financial gain, with a potential secondary objective of cyber espionage.
APT Groups
Bloody Wolf
UA
Notes
<span id="docs-internal-guid-dad91cb6-7fff-accc-cdd0-6fd181dee615"><p><strong>CONCLUSION</strong></p><p>The Bloody Wolf campaign poses a significant threat to organizations in Uzbekistan, Russia, and other targeted countries. The use of spear-phishing emails with malicious PDF attachments to deliver the NetSupport RAT allows the attackers to gain remote access to compromised systems, potentially leading to financial theft and cyber espionage. The group's shift from STRRAT to NetSupport RAT indicates an evolving toolkit and a continued focus on targeting specific sectors.</p><p>To mitigate the risks associated with this campaign, organizations should implement robust security measures, including email filtering, user training, network intrusion prevention systems, and endpoint detection and response solutions. Proactive monitoring and threat hunting are essential to detect and respond to suspicious activity before it can cause significant damage. SOCRadar's modules can provide valuable assistance in these efforts: the Cyber Threat Intelligence module for IoC monitoring and threat tracking, Dark Web Monitoring for leak and extortion detection, Attack Surface Management for identifying exposed assets, and Threat Hunting for proactive investigation.</p></span>
Mitigation
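A defender-side check for two rows of the mitigation table that follows, added here as an example (it is not SOCRadar's, MITRE's or PowerUp's code): it lists scheduled tasks that run as SYSTEM from a binary or folder that standard users can modify (the permission weakness M1047 says to audit and that M1028's run-as-authenticated-user setting removes), and reports whether Windows Script Host is disabled machine-wide (M1042 for T1059.007). It assumes an elevated PowerShell 5.1 or later session on a Windows host; the identity names and the registry value it reads are standard Windows, not values taken from the page.

```powershell
# Added audit example, not code from SOCRadar, MITRE or PowerUp.
# Assumes an elevated PowerShell 5.1+ session on Windows 10/11 or Server 2016+.
#  1) T1053.005 / M1047, M1028: find tasks that run as SYSTEM but launch a
#     binary that standard users can overwrite (or that lives in a folder
#     they can write to), the weakness PowerUp-style audits look for.
#  2) T1059.007 / M1042: report whether Windows Script Host is disabled
#     machine-wide, which stops wscript.exe/cscript.exe from running scripts.

$BroadIdentities = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')
$SystemIds       = @('SYSTEM', 'NT AUTHORITY\SYSTEM', 'S-1-5-18')
$WriteRights     = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl'

function Test-BroadlyWritable {
    # True if Users / Authenticated Users / Everyone hold any write-class right on $Path.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadIdentities -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band [int]$WriteRights) -ne 0) { return $true }
    }
    return $false
}

function Resolve-ActionPath {
    # Task actions store the executable as typed: quoted, with %VARS%, or as a bare name.
    param([string]$Execute)
    $p = [Environment]::ExpandEnvironmentVariables($Execute.Trim().Trim('"'))
    if ([System.IO.Path]::IsPathRooted($p)) { return $p }
    $cmd = Get-Command -Name $p -CommandType Application -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if ($cmd) { return $cmd.Source }
    return $p
}

function Get-RiskyScheduledTask {
    # One record per SYSTEM task action whose executable, or its folder, is broadly writable.
    foreach ($task in Get-ScheduledTask) {
        if ($SystemIds -notcontains $task.Principal.UserId) { continue }
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # COM-handler actions have no Execute
            $exe = Resolve-ActionPath $action.Execute
            $dir = Split-Path -Path $exe -Parent
            if ((Test-BroadlyWritable $exe) -or ($dir -and (Test-BroadlyWritable $dir))) {
                [pscustomobject]@{
                    Task       = $task.TaskPath + $task.TaskName
                    RunsAs     = $task.Principal.UserId
                    Executable = $exe
                    Arguments  = $action.Arguments
                }
            }
        }
    }
}

function Get-WshStatus {
    # A REG_DWORD 'Enabled' = 0 under this key disables WSH for every user on the host.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
    $item = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    if ($null -eq $item)     { return 'ENABLED (no Enabled value present; Windows default)' }
    if ($item.Enabled -eq 0) { return 'DISABLED machine-wide' }
    return "ENABLED (Enabled=$($item.Enabled))"
}

Write-Host '== SYSTEM scheduled tasks launched from user-writable locations (T1053.005) =='
Get-RiskyScheduledTask | Format-Table -AutoSize
Write-Host "`n== Windows Script Host (T1059.007): $(Get-WshStatus)"
# To apply M1042 once the findings are reviewed (this also breaks legitimate .js/.vbs logon scripts):
#   Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings' -Name Enabled -Value 0 -Type DWord
```

Get-Acl can be refused on some protected system paths even when elevated; the script treats such paths as not writable, so review any access errors it prints rather than assuming a clean result.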
<span id="docs-internal-guid-5f267c2c-7fff-2248-50b8-9a5e1f1649f7"><p><strong>MITRE ATT&CK Mitigation Table</strong></p><div align="left"><table><colgroup><col><col><col><col></colgroup><tbody>
<tr><th>Technique ID</th><th>Mitigation ID</th><th>Mitigation</th><th>Description</th></tr>
<tr><td>T1053.005</td><td><a href="https://attack.mitre.org/mitigations/M1047/">M1047</a></td><td><a href="https://attack.mitre.org/mitigations/M1047/">Audit</a></td><td>Toolkits like the PowerSploit framework contain PowerUp modules that can be used to explore systems for permission weaknesses in scheduled tasks.</td></tr>
<tr><td>T1053.005</td><td><a href="https://attack.mitre.org/mitigations/M1028/">M1028</a></td><td><a href="https://attack.mitre.org/mitigations/M1028/">Operating System Configuration</a></td><td>Configure settings for scheduled tasks to force tasks to run under the context of the authenticated account instead of SYSTEM.</td></tr>
<tr><td>T1053.005</td><td><a href="https://attack.mitre.org/mitigations/M1026/">M1026</a></td><td><a href="https://attack.mitre.org/mitigations/M1026/">Privileged Account Management</a></td><td>Configure the Increase Scheduling Priority option to only allow the Administrators group the rights to schedule a priority process.</td></tr>
<tr><td>T1053.005</td><td><a href="https://attack.mitre.org/mitigations/M1018/">M1018</a></td><td><a href="https://attack.mitre.org/mitigations/M1018/">User Account Management</a></td><td>Limit privileges of user accounts and remediate Privilege Escalation vectors so only authorized administrators can create scheduled tasks.</td></tr>
<tr><td>T1113</td><td><a href="https://attack.mitre.org/mitigations/M1026/">M1026</a></td><td><a href="https://attack.mitre.org/mitigations/M1026/">Privileged Account Management</a></td><td>Restrict privileges to only authorized users, as some screen capture methods rely on administrative access to execute or access screen buffers.</td></tr>
<tr><td>T1113</td><td><a href="https://attack.mitre.org/mitigations/M1042/">M1042</a></td><td><a href="https://attack.mitre.org/mitigations/M1042/">Disable or Remove Feature or Program</a></td><td>Disable built-in OS screen capture utilities if they are strictly unnecessary for system functionality.</td></tr>
<tr><td>T1056.001</td><td><a href="https://attack.mitre.org/mitigations/M1049/">M1049</a></td><td><a href="https://attack.mitre.org/mitigations/M1049/">Antivirus/Antimalware</a></td><td>Use endpoint detection tools and signatures capable of detecting and preventing known keylogging malware from running.</td></tr>
<tr><td>T1056.001</td><td><a href="https://attack.mitre.org/mitigations/M1050/">M1050</a></td><td><a href="https://attack.mitre.org/mitigations/M1050/">Exploit Protection</a></td><td>Prevent the exploitation of vulnerabilities that adversaries may use to inject keyloggers into system processes.</td></tr>
<tr><td>T1059.007</td><td><a href="https://attack.mitre.org/mitigations/M1042/">M1042</a></td><td><a href="https://attack.mitre.org/mitigations/M1042/">Disable or Remove Feature or Program</a></td><td>Disable Windows Script Host (WSH) or restrict the execution of JavaScript via command-line tools like wscript.exe or cscript.exe.</td></tr>
<tr><td>T1059.007</td><td><a href="https://attack.mitre.org/mitigations/M1038/">M1038</a></td><td><a href="https://attack.mitre.org/mitigations/M1038/">Execution Prevention</a></td><td>Use application control features like AppLocker to restrict the execution of unauthorized or unsigned scripts.</td></tr>
<tr><td>T1204.002</td><td><a href="https://attack.mitre.org/mitigations/M1031/">M1031</a></td><td><a href="https://attack.mitre.org/mitigations/M1031/">Network Intrusion Prevention</a></td><td>Utilize network filtering and intrusion prevention systems to block the downloading of known malicious files.</td></tr><tr
style="height:67.75pt;"><td style="border-left:solid #000000 0.416667pt;border-right:solid #000000 0.416667pt;border-bottom:solid #000000 0.416667pt;border-top:solid #000000 0.416667pt;vertical-align:top;background-color:#efefef;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:24pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">T1204.002</span></p></td><td style="border-left:solid #000000 0.416667pt;border-right:solid #000000 0.416667pt;border-bottom:solid #000000 0.416667pt;border-top:solid #000000 0.416667pt;vertical-align:top;background-color:#efefef;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:24pt;"><a href="https://attack.mitre.org/mitigations/M1017/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; vertical-align: baseline;">M1017</span></a></p></td><td style="border-left:solid #000000 0.416667pt;border-right:solid #000000 0.416667pt;border-bottom:solid #000000 0.416667pt;border-top:solid #000000 0.416667pt;vertical-align:top;background-color:#efefef;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:24pt;"><a href="https://attack.mitre.org/mitigations/M1017/"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); font-weight: 700; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; text-decoration-line: underline; 
vertical-align: baseline;">User Training</span></a></p></td><td style="border-left:solid #000000 0.416667pt;border-right:solid #000000 0.416667pt;border-bottom:solid #000000 0.416667pt;border-top:solid #000000 0.416667pt;vertical-align:top;background-color:#efefef;padding:5pt 5pt 5pt 5pt;overflow:hidden;overflow-wrap:break-word;"><p style="line-height:1.38;margin-top:0pt;margin-bottom:24pt;"><span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; vertical-align: baseline;">Train users to be aware of the risks of executing unknown files, especially those downloaded from the internet or received via email.</span></p></td></tr></tbody></table></div></span>
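A practical check for the M1042 row above, as an added example that is not part of the page or SOCRadar's own tooling: a PowerShell script that audits, and with -Disable sets, the documented machine-wide Windows Script Host setting so that wscript.exe and cscript.exe refuse to run scripts. It assumes an elevated session on a Windows host; the registry path and value name are the ones Microsoft documents for WSH.

```powershell
# Added example (not SOCRadar's code): audit and, optionally, disable Windows Script Host
# via the documented registry setting. Assumption: run from an elevated PowerShell session.
# With HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\Enabled = 0, wscript.exe and
# cscript.exe report "Windows Script Host access is disabled on this machine" instead of
# running the script, which removes the execution path behind T1059.007 in this campaign.

[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Disable   # without -Disable the script only reports the current state
)

$wshKey = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'

function Get-WshState {
    # WSH is enabled by default: only an explicit Enabled=0 turns it off.
    $item = Get-ItemProperty -Path $wshKey -Name 'Enabled' -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

Write-Host "Windows Script Host (machine-wide): $(Get-WshState)"

if ($Disable) {
    if (-not (Test-Path $wshKey)) {
        # The Settings key is absent on a default install; create it before writing the value.
        New-Item -Path $wshKey -Force | Out-Null
    }
    if ($PSCmdlet.ShouldProcess($wshKey, 'Set Enabled=0 (disable Windows Script Host)')) {
        New-ItemProperty -Path $wshKey -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null
        Write-Host "Windows Script Host (machine-wide): $(Get-WshState)"
    }
}

# Caveat: some logon scripts and installers still rely on WSH. Where it cannot be removed
# outright, the M1038 row (AppLocker / application control) is the narrower control: allow
# only signed scripts from trusted paths rather than blocking the script host entirely.
```

Run without switches to audit, or with -Disable -WhatIf to preview the registry change before applying it.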