AppDomain Manager Injection exploited for Cobalt Strike beacon delivery

Attackers distributed a ZIP file containing a malicious Microsoft Script Component file which, when opened, facilitated code execution via the GrimResource attack technique, which abuses a cross-site scripting flaw in apds.dll to run malicious JavaScript, according to an NTT report. The MSC file also created a configuration file that redirects to a DLL containing a class derived from the .NET Framework's AppDomainManager class; that class then executes code to evade security defenses and ultimately injects a Cobalt Strike beacon for additional malicious activity, NTT researchers said.
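As an added example (not code from the NTT report or from SC Magazine), the following Python script shows the defensive check a practitioner would run for the AppDomainManager redirection described above: it parses .NET application configuration files and flags any that point the AppDomainManager at an external assembly, raising severity when that assembly is not strong-named. The appDomainManagerAssembly and appDomainManagerType elements are the real .NET Framework `<runtime>` settings; every file path, assembly name and type name in the samples is a constructed placeholder, not a value from the report.

```python
"""Scan .NET application config files for AppDomainManager redirection.

Added example, not from the NTT report. The element names under <runtime>
are the real .NET Framework configuration settings; all sample paths,
assembly names and type names are constructed placeholders.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Constructed sample: an ordinary app.config with no AppDomainManager setting.
BENIGN_CONFIG = """<configuration>
  <startup>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8"/>
  </startup>
</configuration>
"""

# Constructed sample: the shape of a config that redirects the AppDomainManager
# to an unsigned assembly. Names are placeholders, not the report's values.
SUSPICIOUS_CONFIG = """<configuration>
  <runtime>
    <appDomainManagerAssembly value="PLACEHOLDER_ASSEMBLY, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
    <appDomainManagerType value="PLACEHOLDER_NAMESPACE.PLACEHOLDER_TYPE"/>
  </runtime>
</configuration>
"""

# Constructed sample: truncated XML, to show the scanner surviving bad input.
MALFORMED_CONFIG = "<configuration><runtime>"


def find_appdomain_manager_settings(config_xml: str) -> Dict[str, str]:
    """Return the AppDomainManager assembly/type declared under <runtime>,
    or an empty dict when the config does not redirect the AppDomainManager.
    Raises xml.etree.ElementTree.ParseError on malformed XML."""
    root = ET.fromstring(config_xml)
    found: Dict[str, str] = {}
    for runtime in root.iter("runtime"):
        for tag in ("appDomainManagerAssembly", "appDomainManagerType"):
            element = runtime.find(tag)
            if element is not None and element.get("value"):
                found[tag] = element.get("value")
    return found


def assess_config(path: str, config_xml: str) -> Dict[str, object]:
    """Classify one config file.

    Ordinary applications almost never set an AppDomainManager, so any
    occurrence is reported at medium severity. An assembly reference with
    PublicKeyToken=null is not strong-named, so it can be satisfied by an
    unsigned DLL of that name in the application's probing path; that is
    reported as high severity (heuristic, not a proof of compromise)."""
    try:
        settings = find_appdomain_manager_settings(config_xml)
    except ET.ParseError as exc:
        return {"path": path, "severity": "error",
                "reasons": [f"unparseable XML: {exc}"]}
    if not settings:
        return {"path": path, "severity": "none", "reasons": []}

    reasons = [f"{tag} set to {value!r}" for tag, value in settings.items()]
    severity = "medium"
    assembly = settings.get("appDomainManagerAssembly", "")
    if "publickeytoken=null" in assembly.replace(" ", "").lower():
        severity = "high"
        reasons.append("AppDomainManager assembly is not strong-named "
                       "(PublicKeyToken=null)")
    return {"path": path, "severity": severity, "reasons": reasons}


def scan_configs(configs: List[Tuple[str, str]]) -> List[Dict[str, object]]:
    """Assess (path, xml) pairs and return only entries worth a look."""
    findings = []
    for path, config_xml in configs:
        result = assess_config(path, config_xml)
        if result["severity"] != "none":
            findings.append(result)
    return findings


if __name__ == "__main__":
    # Constructed sample inventory; a real sweep would read *.exe.config
    # and *.dll.config files from disk into the same (path, xml) shape.
    samples = [
        ("C:\\Program Files\\ExampleApp\\ExampleApp.exe.config", BENIGN_CONFIG),
        ("C:\\Users\\Public\\Downloads\\PLACEHOLDER.exe.config", SUSPICIOUS_CONFIG),
        ("C:\\Users\\Public\\Downloads\\broken.exe.config", MALFORMED_CONFIG),
    ]
    for finding in scan_configs(samples):
        print(f"[{finding['severity']}] {finding['path']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

Sweeping user-writable directories and application folders for `*.exe.config` files with a `<runtime>` block of this shape is a cheap hunt for the technique; a legitimate AppDomainManager setting is uncommon enough that each hit can be triaged by hand.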

Source: SC Magazine
