Recherche : [imitation]

Malvertiser copies PC news site to deliver infostealer https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer

09/11/2023 18:35:14

Users looking to download a popular PC utility may be tricked in this campaign where a threat actor has registered a website that copies content from a PC and Windows news portal.

Manjusaka: A Chinese sibling of Sliver and Cobalt Strike https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html

03/08/2022 15:35:19

Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework.
The implants for the new malware family are written in the Rust language for Windows and Linux.
A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors.
We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints.
We have observed the same threat actor using the Cobalt Strike beacon and implants from the Manjusaka framework.

Liens par page

Filtres