Threats Tagged 'syscall usage'
View all threats tagged with 'syscall usage'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'syscall usage'
Click on any threat for detailed analysis and mitigation recommendations
Operation PhantomCLR: Stealth Execution via AppDomain Hijacking and In-Memory .NET Abuse 0 A highly sophisticated multi-stage post-exploitation framework targeting organizations in the Middle East and EMEA financial sectors exploits legitimate digitally signed Intel utilities through .NET AppDomainManager mechanism abuse. The attack leverages trusted binary proxy execution, bypassing EDR and antivirus solutions through JIT-based memory execution and sandbox evasion using computational delays and cryptographic key derivation loops. Initial access occurs via spear-phishing with Arabic-language decoys impersonating Saudi government documents. Once executed, the framework establishes command-and-control communication through Amazon CloudFront CDN domain fronting, employing reflective DLL loading, direct syscall usage, and anti-forensic memory cleanup techniques. The modular plugin-based architecture demonstrates capabilities consistent with advanced persistent threat actors, featuring sophisticated evasion mechanisms including PEB-based API resolution, custom PE export walking, and heap-walking cont... Join the discussion | AlienVault OTX General | 04/18/2026, 13:40:13 UTC Added: 04/20/2026, 10:46:12 UTC |
Showing 1 to 1 of 1 result