GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic

Resheph

Administrator

Join Date: Jan 2016

Posts: 513
- Share
- Tweet
#1

GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic

12-29-2020, 05:58 AM

A new strand of malware uses Word files with macros to download a PowerShell script from GitHub.

This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script on Windows systems.

GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic

https://www.bleepingcomputer.com

A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script.

Certified Security Geek
Tags: cobalt strike, muddywater, news, seedworm, temp.zagros

Announcement