GrimResource - Microsoft Management Console for initial access and…

216.73.216.226

GrimResource - Microsoft Management Console for initial access and evasion

· Published 27/06/2024 17:02 · Modified 27/06/2024 17:26

Essential information

Published: 27/06/2024 17:02
Modified: 27/06/2024 17:26
Tags: 2024-06-27 cobalt strike console execution grimresource jscript mmc console msc file pastaloader vbscript windows script
Related entities: 3 observables, 2 techniques (mitre), 1 malware

Description

A novel, in-the-wild code execution technique leveraging Microsoft Management Console files (MSC) has been identified by Elastic Security researchers and was first spotted in the wild in June 2016 and is currently being investigated by VirusTotal.

External references

https://www.elastic.co/security-labs/grimresource
https://otx.alienvault.com/pulse/667d9b3db0a27398841a0900

GrimResource - Microsoft Management Console for initial access and evasion

Essential information

Description

Related entities

Observables (3)

Techniques (MITRE) (2)

Malware (1)

External references