Waiting Thread Hijacking: A Stealthier Version of Thread Execution Hijacking
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 100c7d54-a0fb-4d66-9699-2af01b3b35a2 |
| Fingerprint | e63c011fb8281440 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | April 14, 2025, 4:05 p.m. |
| Added to db | April 14, 2025, 6:36 p.m. |
| Last updated | April 17, 2025, 10:20 p.m. |
| Headline | Waiting Thread Hijacking: A Stealthier Version of Thread Execution Hijacking |
| Title | Waiting Thread Hijacking: A Stealthier Version of Thread Execution Hijacking |
| Detected Hints/Tags/Attributes | 67/2/37 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 158 | ✔ | Malware Analysis, News and Indicators - Latest topics | https://malware.news/latest.rss | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 6446 | github.com |
|
| Details | Domain | 476 | attack.mitre.org |
|
| Details | Domain | 10 | www.ired.team |
|
| Details | Domain | 4 | scorpiosoftware.net |
|
| Details | Domain | 304 | learn.microsoft.com |
|
| Details | Domain | 3 | www.microsoftpressstore.com |
|
| Details | Domain | 24 | www.safebreach.com |
|
| Details | Domain | 38 | blackhat.com |
|
| Details | Domain | 2 | vvinoth.com |
|
| Details | Domain | 168 | research.checkpoint.com |
|
| Details | File | 369 | calc.exe |
|
| Details | File | 668 | ntdll.dll |
|
| Details | File | 95 | kernelbase.dll |
|
| Details | File | 927 | kernel32.dll |
|
| Details | File | 2 | us-19-kotler-process-injection-techniques-gotta-catch-them-all-wp.pdf |
|
| Details | File | 15 | article.aspx |
|
| Details | File | 87 | www.safe |
|
| Details | File | 2 | eu-23-leviev-the-pool-party-you-will-never-forget.pdf |
|
| Details | Github username | 6 | mr-un1k0d3r |
|
| Details | Github username | 40 | hasherezade |
|
| Details | IPv6 | 5 | d::dec |
|
| Details | MITRE ATT&CK Techniques | 525 | T1055 |
|
| Details | Url | 2 | https://github.com/mr-un1k0d3r/edrs |
|
| Details | Url | 2 | https://learn.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights |
|
| Details | Url | 2 | https://github.com/hasherezade/waiting_thread_hijacking |
|
| Details | Url | 2 | https://i.blackhat.com/usa-19/thursday/us-19-kotler-process-injection-techniques-gotta-catch-them-all-wp.pdf |
|
| Details | Url | 3 | https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process |
|
| Details | Url | 10 | https://attack.mitre.org/techniques/t1055 |
|
| Details | Url | 2 | https://www.ired.team/offensive-security/code-injection-process-injection |
|
| Details | Url | 2 | https://www.ired.team/offensive-security/code-injection-process-injection/injecting-to-remote-process-via-thread-hijacking |
|
| Details | Url | 2 | https://scorpiosoftware.net/2022/03/21/threads-threads-and-more-threads |
|
| Details | Url | 2 | https://learn.microsoft.com/en-us/windows/win32/procthread/thread-pools |
|
| Details | Url | 2 | https://www.microsoftpressstore.com/articles/article.aspx?p=2233328&seqnum=6 |
|
| Details | Url | 3 | https://www.safebreach.com/blog/process-injection-using-windows-thread-pools |
|
| Details | Url | 2 | https://i.blackhat.com/eu-23/presentations/eu-23-leviev-the-pool-party-you-will-never-forget.pdf |
|
| Details | Url | 2 | https://vvinoth.com/post/threadpools |
|
| Details | Url | 1 | https://research.checkpoint.com/2025/waiting-thread-hijacking |