// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE PUB-ENTDTG 0600Z
ColdReconTechniquesT1574
Technique T1574

Hijack Execution Flow

CLEARED FOR PUBLIC RELEASE · OPEN-SOURCE INTELLIGENCE
Hijack Execution Flow (T1574) — a Defense Evasion technique, observed in public incident reporting.
MITRE ATT&CKT1574
TacticDefense Evasion
Incidents on file24

Detection & mitigation

Monitor for unusual process creation from ZIP-extracted LNK files or executables, especially those loading DLLs from non-standard paths. Detect anomalous Azure Blob Storage access patterns from endpoints not typically using such services. Implement application control to block execution from user-writable directories and restrict PowerShell script execution.

Observed in the wild

Track this in real time.

ColdRecon watches the public signal so you don't have to — a daily brief and a live detection-coverage desk. Request clearance.

Request Clearance →