Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

AppDomainManager Injection Technique Used to Execute Malware on Windows

Aug. 26, 2024, 1:34 p.m.

Description

Cybersecurity specialists have observed an escalation in attacks employing the AppDomainManager Injection technique, which exploits the .NET Framework's version redirection feature to manipulate legitimate EXE files and load malicious DLLs. These attacks commonly begin with a ZIP file containing a malicious MSC file that triggers the execution of embedded JavaScript code, ultimately leading to the execution of a legitimate Microsoft binary with a malicious configuration. This relatively obscure technique, previously rare in actual attacks, is now being utilized more frequently, potentially by nation-state-sponsored groups targeting government agencies, military organizations, and energy companies in Asia.

Date

Published: Aug. 26, 2024, 1:09 p.m.

Created: Aug. 26, 2024, 1:09 p.m.

Modified: Aug. 26, 2024, 1:34 p.m.

Indicators

xtools.lol

visualstudio-microsoft.com

trendmicrotech.com

s3-microsoft.com

s3bucket-azure.online

s3cloud-azure.com

msn-microsoft.org

s2cloud-amazon.com

krislab.site

Attack Patterns

APT41

T1189

T1574

T1203

T1105

T1036

T1204

T1027

T1195

T1059

Additional Informations

Energy

Defense

Government

Taiwan

Philippines