Threats Tagged 'appdomainmanager hijacking'
View all threats tagged with 'appdomainmanager hijacking'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'appdomainmanager hijacking'
Click on any threat for detailed analysis and mitigation recommendations
Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns 0 Unit 42 researchers identified six new remote access Trojan variants deployed by Iran-nexus APT group Screening Serpens between February and April 2026, coinciding with a regional conflict starting February 28, 2026. The group targeted entities in the U.S., Israel, UAE, and other Middle Eastern locations, primarily focusing on technology sector professionals through highly tailored social engineering using personalized recruitment lures. Two new malware families, MiniUpdate and MiniJunk V2, were discovered featuring advanced techniques including AppDomainManager hijacking that manipulates .NET application initialization to disable security mechanisms. The campaigns demonstrated increased technical capabilities and operational resilience, with each variant using dedicated C2 infrastructure hosted on Azure. The attacks leveraged DLL sideloading, scheduled tasks for persistence, and sophisticated evasion techniques to maintain long-term access for espionage purposes. MediumMalware Join the discussion United States Israel United Arab Emirates#minijunk v2#screening serpens#appdomainmanager hijacking | AlienVault OTX General | 05/22/2026, 17:33:20 UTC Added: 05/25/2026, 09:54:59 UTC |
Operation PhantomCLR: Stealth Execution via AppDomain Hijacking and In-Memory .NET Abuse 0 A highly sophisticated multi-stage post-exploitation framework targeting organizations in the Middle East and EMEA financial sectors exploits legitimate digitally signed Intel utilities through .NET AppDomainManager mechanism abuse. The attack leverages trusted binary proxy execution, bypassing EDR and antivirus solutions through JIT-based memory execution and sandbox evasion using computational delays and cryptographic key derivation loops. Initial access occurs via spear-phishing with Arabic-language decoys impersonating Saudi government documents. Once executed, the framework establishes command-and-control communication through Amazon CloudFront CDN domain fronting, employing reflective DLL loading, direct syscall usage, and anti-forensic memory cleanup techniques. The modular plugin-based architecture demonstrates capabilities consistent with advanced persistent threat actors, featuring sophisticated evasion mechanisms including PEB-based API resolution, custom PE export walking, and heap-walking cont... Join the discussion | AlienVault OTX General | 04/18/2026, 13:40:13 UTC Added: 04/20/2026, 10:46:12 UTC |
Showing 1 to 2 of 2 results