Cobalt Strike - Geek Feed

Telegram captcha tricks you into running malicious PowerShell scripts

January 23, 2025January 23, 2025 geekfeed0Tagged ClickFix, Cobalt Strike, malware, powershell, PowerShell scripts, telegram, Telegram captcha, twitter

Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to a Telegram channel that tricks them into run PowerShell code that infects them with malware. The attack, spotted by vx-underground, is a new variant of the “Click-Fix” tactic that has become very popular among threat actors to distribute malware over the past year. […]

3 mins read

Hackers now use AppDomain Injection to drop CobaltStrike beacons

August 25, 2024August 25, 2024 geekfeed0Tagged AppDomain Manager Injection, APT41, Cobalt Strike, Cobalt Strike Beacon, GrimResource, GrimResource attacks, State-Sponsored, windows

A wave of attacks that started in July 2024 rely on a less common technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET application on Windows. The technique has been around since 2017, and multiple proof-of-concept apps have been released over the years. However, it is typically used in red team engagements and seldomly observed in […]

3 mins read