Tag: DarkWidow

DarkWidow: A Customizable Dropper Tool targeting Windows
DarkWidow is a Dropper/Post Exploitation Tool (or can be used in both situations) targeting Windows. Capabilities: Indirect Dynamic Syscall (MITRE ATT&CK TTP: T1106); SSN + Syscall address sorting via Modified TartarusGate approach; Remote Process Injection via APC Early Bird to cut off telemetry catching by EDR (MITRE ATT&CK TTP: T1055.004); Spawns a sacrificial Process as the…