- GuLoader has previously used RegAsm as a donor process. GuLoader has the ability to inject shellcode into a donor process that is started in a suspended state.
- Gh0st RAT can inject malicious code into a process created by the "Command_Create&Inject" function.
- Gazer injects its communication module into an Internet-accessible process through which it performs C2.
- Empire contains multiple modules for injecting into processes, such as Invoke-PSInject.
- Egregor can inject its payload into the iexplore.exe process.
- Dyre has the ability to directly inject its code into the web browser process.
- Donut includes a subproject DonutTest to inject shellcode into a target process.
- CostaBricks can inject a payload into the memory of a compromised host.
- Cobalt Strike can inject a variety of payloads into processes dynamically chosen by the adversary.
- Cobalt Group has injected code into trusted processes.
- Clambling can inject into the svchost.exe process for execution.
- Cardinal RAT injects into a newly spawned process created from a native Windows executable.
- Bumblebee can inject code into multiple processes on infected endpoints.
- BBK has the ability to inject shellcode into svchost.exe.
- Bazar can inject code through calling VirtualAllocExNuma.
- Backdoor.Oldrea injects itself into explorer.exe.
- Avenger has the ability to inject shellcode into svchost.exe.
- AuditCred can inject code from files to other running processes.
- Attor's dispatcher can inject itself into running processes to gain higher privileges and to evade detection.
- APT41 malware TIDYELF loaded the main WINTERLOVE component by injecting it into the iexplore.exe process.
- APT37 injects its malware variant, ROKRAT, into the cmd.exe process.
- APT32 malware has injected a Cobalt Strike beacon into Rundll32.exe.
- Agent Tesla can inject into known, vulnerable binaries on targeted hosts.
- ABK has the ability to inject shellcode into svchost.exe.