Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
3 distinct techniques documented for this family, organized by ATT&CK tactic.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A desktop tool associated with Kali365 that uses stolen authentication tokens to open authenticated Chromium sessions into Microsoft services such as Outlook Web Access, OneDrive, SharePoint, and admin portals.
Companion desktop application for Kali365 operators that converts stolen Microsoft 365 tokens into real authenticated Chromium sessions for OWA, OneDrive, SharePoint, and admin portals. It injects bearer tokens, exchanges refresh tokens in hidden browser windows to obtain ESTSAUTH cookies, and enables stealthy post-compromise access without interactive sign-in or MFA prompts.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.