AppDomainManager Injection Technique Used to Execute Malware on Windows

Aug. 26, 2024, 1:34 p.m.

Description

Cybersecurity specialists have observed an escalation in attacks employing the AppDomainManager Injection technique, which exploits the .NET Framework's version redirection feature to manipulate legitimate EXE files and load malicious DLLs. These attacks commonly begin with a ZIP file containing a malicious MSC file that triggers the execution of embedded JavaScript code, ultimately leading to the execution of a legitimate Microsoft binary with a malicious configuration. This relatively obscure technique, previously rare in actual attacks, is now being utilized more frequently, potentially by nation-state-sponsored groups targeting government agencies, military organizations, and energy companies in Asia.
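As an added defender-side example (not part of the original report): the CLR honours an AppDomainManager named in an executable's `<name>.exe.config`, so a config file planted next to a legitimate signed .NET binary is the artifact to hunt for. The script below parses such config files for the `appDomainManagerAssembly` / `appDomainManagerType` elements and walks a directory tree for hits; the sample configs and the assembly/type names in them are constructed for illustration, not real indicators.

```python
import os
import xml.etree.ElementTree as ET

# A .NET Framework EXE reads <name>.exe.config at startup. If its <runtime>
# section names an appDomainManagerAssembly and appDomainManagerType, the CLR
# loads that assembly before the program's own Main() runs, so a config
# planted beside a legitimate signed binary is a strong indicator.
# Constructed sample of a planted config (illustrative names, not real IoCs).
SAMPLE_CONFIG = """<configuration>
  <runtime>
    <appDomainManagerAssembly value="Loader, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <appDomainManagerType value="Loader.Entry" />
  </runtime>
</configuration>"""

# Constructed benign config: only pins a runtime version, no AppDomainManager.
BENIGN_CONFIG = """<configuration>
  <startup><supportedRuntime version="v4.0" /></startup>
</configuration>"""


def find_appdomain_manager(config_xml: str) -> dict:
    """Return {'assembly': ..., 'type': ...} set under <runtime>, or {} (also for bad XML)."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError:
        return {}
    findings = {}
    for runtime in root.iter("runtime"):
        asm = runtime.find("appDomainManagerAssembly")
        typ = runtime.find("appDomainManagerType")
        if asm is not None:
            findings["assembly"] = asm.get("value", "")
        if typ is not None:
            findings["type"] = typ.get("value", "")
    return findings


def scan_directory(path: str) -> list:
    """Walk a tree and list every *.exe.config that sets an AppDomainManager."""
    hits = []
    for dirpath, _, files in os.walk(path):
        for name in files:
            if not name.lower().endswith(".exe.config"):
                continue
            full = os.path.join(dirpath, name)
            with open(full, encoding="utf-8", errors="replace") as fh:
                hit = find_appdomain_manager(fh.read())
            if hit:  # report the config path together with what it loads
                hits.append((full, hit))
    return hits
```

Any hit is worth correlating with the binary's signer and the config's creation time, since a vendor-shipped config naming an AppDomainManager is rare outside developer tooling.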

Date

Published: Aug. 26, 2024, 1:09 p.m.
Created: Aug. 26, 2024, 1:09 p.m.
Modified: Aug. 26, 2024, 1:34 p.m.

Attack Patterns

APT41

T1189

T1574

T1203

T1105

T1036

T1204

T1027

T1195

T1059

Additional Information

Energy

Defense

Government

Taiwan

Philippines