GrimResource - Microsoft Management Console for initial access and evasion

June 27, 2024, 5:26 p.m.

Description

Elastic Security researchers have identified a novel, in-the-wild code execution technique that leverages Microsoft Management Console (MSC) files. It was first spotted in the wild in June 2016 and is currently being investigated by VirusTotal.

Date

Published: June 27, 2024, 5:02 p.m.
Created: June 27, 2024, 5:02 p.m.
Modified: June 27, 2024, 5:26 p.m.

Indicators

c1bba723f79282dceed4b8c40123c72a5dfcf4e3ff7dd48db8cb6c8772b60b88

4cb575bc114d39f8f1e66d6e7c453987639289a28cd83a7d802744cd99087fd7

14bcb7196143fd2b800385e9b32cfacd837007b0face71a73b546b53310258bb

Attack Patterns

Cobalt Strike

T1055

T1027