Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1583 | .006 | Acquire Infrastructure: Web Services |
TA578 has used Google Firebase to host malicious scripts.[1] |
Enterprise | T1059 | .007 | Command and Scripting Interpreter: JavaScript |
TA578 has used JavaScript files in malware execution chains.[1] |
Enterprise | T1594 | Search Victim-Owned Websites |
TA578 has filled out contact forms on victims' websites to direct them to adversary-controlled URLs.[1] |
|
Enterprise | T1204 | .001 | User Execution: Malicious Link |
TA578 has placed malicious links in contact forms on victim sites, often spoofing a copyright complaint, to redirect users to malicious file downloads.[1] |