Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation Frankenstein

The campaign used a range of open-source tools to carry out their attacks including Microsoft's MSbuild, the post-exploitation framework FruityC2, and PowerShell Empire. The malicious software used in the operation also contained an anti-analysis module that loaded a Visual Basic Application (VBA) script to check for a range of applications including VMWare, Process Explorer, ProcMon, TCPView, AutoIT, WireShark, and many more. The infection vectors consisted of a trojanized Microsoft Word document that either downloaded a template from a remote server or prompted the user to enable macros and run a Visual Basic script.
Name Modified Date Sources
Operation Frankenstein 2019-06-12