New Mockingjay process injection technique evades EDR detection - RedPacket Security
Tags
cmtmf-attack-pattern: Process Injection
attack-pattern: Direct Asynchronous Procedure Call - T1055.004 Process Hollowing - T1055.012 Process Injection - T1631 Software - T1592.002 Ssh - T1021.004 Thread Execution Hijacking - T1055.003 Process Hollowing - T1093 Process Injection - T1055
Show in Graph
Common Information
Type Value
UUID 98e83fe1-9b37-4f90-a60d-960b31436e3f
Fingerprint bceccd37bdbd76b1
Analysis status DONE
Considered CTI value 0
Text language
Published June 29, 2023, 5:04 a.m.
Added to db June 29, 2023, 6:30 a.m.
Last updated Nov. 17, 2024, 6:53 p.m.
Headline RedPacket Security
Title New Mockingjay process injection technique evades EDR detection - RedPacket Security
Detected Hints/Tags/Attributes 27/2/5
Source URLs
Redirection Url
Details Source https://www.redpacketsecurity.com/new-mockingjay-process-injection-technique-evades-edr-detection/
URL Provider
Details Provider Source level domain
Details redpacketsecurity.com www.redpacketsecurity.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 361 RedPacket Security https://www.redpacketsecurity.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 28 
0.dll
Details File 5 
nightmare.exe
Details File 533 
ntdll.dll
Details File 28 
ssh.exe
Details File 4 
mylibrary.dll