{
  "name": "GrimResource - Microsoft Management Console for initial access and evasion",
  "slug": "grimresource-microsoft-management-console-for-initial-access-and-evasion",
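  "description": "Elastic Security researchers have identified a novel, in-the-wild code execution technique that leverages Microsoft Management Console (MSC) files. It was first spotted in the wild in June 2016 and is currently being investigated by VirusTotal. [Note: the June 2016 first-seen date is inconsistent with the description of the technique as novel and with this record's 2024-06-27 publication date; verify it against the referenced Elastic Security Labs report before using it in a timeline.]",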
  "published": "2024-06-27T15:02:53+00:00",
  "created_at": "2024-06-27T15:02:53+00:00",
  "modified_at": "2024-06-27T15:26:20+00:00",
  "created_at_opencti": "2024-06-27T15:02:53+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-06-27",
    "cobalt strike",
    "console",
    "execution",
    "grimresource",
    "jscript",
    "mmc console",
    "msc file",
    "pastaloader",
    "vbscript",
    "windows script"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "c1bba723f79282dceed4b8c40123c72a5dfcf4e3ff7dd48db8cb6c8772b60b88"
      },
      {
        "id": "",
        "name": "4cb575bc114d39f8f1e66d6e7c453987639289a28cd83a7d802744cd99087fd7"
      },
      {
        "id": "",
        "name": "14bcb7196143fd2b800385e9b32cfacd837007b0face71a73b546b53310258bb"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:c66658b6074d27c4",
        "name": "Cobalt Strike",
        "slug": "cobalt-strike"
      }
    ],
    "attack_patterns": [
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      }
    ]
  },
  "external_refs": [
    "https://www.elastic.co/security-labs/grimresource",
    "https://otx.alienvault.com/pulse/667d9b3db0a27398841a0900"
  ]
}