SOC Incident Toolkit
StealC and Amadey Infostealer and Loader Campaign

Tags: StealC, Amadey, Infostealer, Malware-as-a-Service, Operation Endgame

StealC and Amadey are commodity malware-as-a-service offerings - StealC an information stealer that harvests browser credentials, cookies, cryptocurrency wallets, messaging and email-client data, and Amadey a modular loader used to deliver StealC and other payloads - that together form an assembly line feeding the broader cybercrime economy. On 24 June 2026, Microsoft's Digital Crimes Unit, working with Europol and industry partners under Operation Endgame, disrupted this infrastructure by taking down hundreds of command-and-control domains and servers and recovering roughly 27 million stolen credentials.

Indicators of Compromise

Hashes (15)


Notes

<div><span id="docs-internal-guid-cd8f2626-7fff-19cd-251e-33a07842ddbd">
<p><strong>CONCLUSION</strong></p>
<p>StealC and Amadey illustrate how the infostealer economy turns a single, often out-of-scope consumer-device infection into enterprise risk. Amadey establishes the foothold and delivers payloads on demand, while StealC harvests credentials, cookies and session tokens that are exfiltrated, packaged into logs, and monetised through dark-web markets and access brokers. Because the initial infection frequently occurs on unmanaged devices and attackers later authenticate with valid credentials, intrusions are often detected only after credential abuse, ransomware deployment, or large-scale data exfiltration.</p>
<p>The June 2026 disruption actioned 326 servers and 142 domains – totalling approximately 468 C2 infrastructure items – and recovered roughly 27 million credentials, but commodity MaaS ecosystems recover quickly; defenders should treat credential hygiene, phishing-resistant MFA, and endpoint hardening as durable controls rather than one-time fixes.</p>
<p>Related SOCRadar modules - Dark Web Monitoring, Stealer Logs / Identity &amp; Access Intelligence, and Threat Hunting - can surface exposed credentials and stealer-log appearances tied to this activity. Platform: <a href="https://socradar.io">https://socradar.io</a></p>
</span></div>

Mitigation

<div><span id="docs-internal-guid-42773cac-7fff-8db1-4f62-5713750b7c54">
<h1>MITIGATION</h1>
<div><table>
<thead>
<tr><th>Mitigation ID</th><th>Mitigation</th><th>Description</th></tr>
</thead>
<tbody>
<tr><td><a href="https://attack.mitre.org/mitigations/M1049/">M1049</a></td><td>Antivirus/Antimalware</td><td>Turn on cloud-delivered protection to block rapidly evolving stealer and loader variants, including new and unknown samples.</td></tr>
<tr><td><a href="https://attack.mitre.org/mitigations/M1021/">M1021</a></td><td>Restrict Web-Based Content</td><td>Use SmartScreen-capable browsers (e.g., Microsoft Edge) to identify and block phishing, scam, and malware-hosting sites.</td></tr>
<tr><td><a href="https://attack.mitre.org/mitigations/M1017/">M1017</a></td><td>User Training</td><td>Train users against SEO-poisoned and cracked-software downloads, ClickFix paste-to-run lures, and phishing email.</td></tr>
<tr><td><a href="https://attack.mitre.org/mitigations/M1038/">M1038</a></td><td>Execution Prevention</td><td>Apply attack surface reduction rules to block initial infection vectors and prevent hands-on-keyboard activity.</td></tr>
<tr><td><a href="https://attack.mitre.org/mitigations/M1040/">M1040</a></td><td>Behavior Prevention on Endpoint</td><td>Enable advanced protection against ransomware and behavior-based blocking to disrupt the chain early.</td></tr>
<tr><td><a href="https://attack.mitre.org/mitigations/M1028/">M1028</a></td><td>Operating System Configuration</td><td>Enable tenant-wide tamper protection and restrict unnecessary RDP exposure to limit attacker foothold.</td></tr>
<tr><td><a href="https://attack.mitre.org/mitigations/M1032/">M1032</a></td><td>Multi-factor Authentication</td><td>Enforce phishing-resistant MFA to reduce the value of stolen credentials; note session-cookie theft can bypass MFA.</td></tr>
<tr><td><a href="https://attack.mitre.org/mitigations/M1018/">M1018</a></td><td>User Account Management</td><td>Monitor for and restrict creation of unauthorized local and administrator accounts.</td></tr>
<tr><td><a href="https://attack.mitre.org/mitigations/M1026/">M1026</a></td><td>Privileged Account Management</td><td>Limit local administrator rights to curb privilege escalation and hidden-admin creation.</td></tr>
<tr><td><a href="https://attack.mitre.org/mitigations/M1051/">M1051</a></td><td>Update Software</td><td>Keep endpoints and browsers patched to reduce the exploitable surface available to delivered payloads.</td></tr>
</tbody>
</table></div>
</span></div>
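
The Defender-side rows of the table (M1049, M1038, M1040, M1028) and the local-administrator rows (M1018, M1026) can be spot-checked on a single Windows endpoint. The PowerShell below is an added example, not part of the original page or of any SOCRadar or Microsoft tooling; it assumes Microsoft Defender Antivirus is the active engine, and the function name Test-StealerMitigation is hypothetical.

```powershell
# Added example: read-only audit of the Defender and OS settings behind several
# rows of the mitigation table. Run in an elevated PowerShell session on Windows
# with Microsoft Defender Antivirus active. Test-StealerMitigation is a
# hypothetical name, not part of any product.
function Test-StealerMitigation {
    $pref   = Get-MpPreference       # configured Defender policy
    $status = Get-MpComputerStatus   # current Defender runtime state

    # ASR rule IDs and actions are parallel arrays (1 = Block, 2 = Audit, 6 = Warn).
    # Filtering out $null avoids indexing into an empty rule list.
    $ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $asr = @{}
    for ($i = 0; $i -lt $ids.Count; $i++) { $asr[$ids[$i].ToLower()] = $actions[$i] }
    $blocking = @($asr.Values | Where-Object { $_ -eq 1 }).Count

    # Microsoft's documented ID for "Use advanced protection against ransomware".
    $ransomRule = 'c1db55ab-c21a-4637-bb3f-a12568109d35'

    # fDenyTSConnections = 1 means inbound Remote Desktop is switched off.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

    # Well-known SID of the built-in Administrators group (its name is localised).
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue)

    @(
        [pscustomobject]@{ Id = 'M1049'; Check = 'Cloud-delivered protection enabled'
            Pass   = ($pref.MAPSReporting -ne 0)
            Detail = "MAPSReporting=$($pref.MAPSReporting)" }
        [pscustomobject]@{ Id = 'M1038'; Check = 'ASR rules in Block mode'
            Pass   = ($blocking -gt 0)
            Detail = "$blocking of $($asr.Count) configured rules block" }
        [pscustomobject]@{ Id = 'M1040'; Check = 'Ransomware ASR rule in Block mode'
            Pass   = ($asr[$ransomRule] -eq 1)
            Detail = "action=$($asr[$ransomRule])" }
        [pscustomobject]@{ Id = 'M1040'; Check = 'Behavior monitoring enabled'
            Pass   = [bool]$status.BehaviorMonitorEnabled
            Detail = '' }
        [pscustomobject]@{ Id = 'M1028'; Check = 'Tamper protection enabled'
            Pass   = [bool]$status.IsTamperProtected
            Detail = '' }
        [pscustomobject]@{ Id = 'M1028'; Check = 'Inbound RDP disabled'
            Pass   = ($ts.fDenyTSConnections -eq 1)
            Detail = "fDenyTSConnections=$($ts.fDenyTSConnections)" }
        # No pass/fail here: the member list is for a human to review.
        [pscustomobject]@{ Id = 'M1018/M1026'; Check = 'Local Administrators members'
            Pass   = $null
            Detail = ($admins.Name -join ', ') }
    )
}

Test-StealerMitigation | Format-Table -AutoSize -Wrap
```

Rows with an empty Pass column are for manual review. SmartScreen, MFA, user training and patching (M1021, M1032, M1017, M1051) are policy-level controls and are not covered by this local check.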