
AppDomainManager Injection Technique Used to Execute Malware on Windows

Published 26/08/2024 13:09 · Modified 26/08/2024 13:34


Essential information

Tags
2024-08-26 appdomainmanager javascript msc remote execution windows
Related entities
9 observables, 1 intrusion set (APT), 9 techniques (MITRE), 5 others

Description

Cybersecurity specialists have observed an escalation in attacks employing the AppDomainManager Injection technique, which abuses the .NET Framework's version redirection feature to make legitimate EXE files load malicious DLLs. These attacks commonly begin with a ZIP file containing a malicious file that triggers the execution of embedded code, ultimately resulting in a legitimate Microsoft binary running under an attacker-supplied configuration. This relatively obscure technique, previously rare in real-world attacks, is now being used more frequently, potentially by nation-state-sponsored groups targeting government agencies, military organizations, and energy companies in Asia.

External references