A new report released by Cisco Talos states that a fully functional version of the command-and-control (C2) server is written in Golang and has a user interface in Simplified Chinese. It is freely available and can be used to generate new implants with custom configurations with relative ease. It is therefore likely that many malicious actors will adopt this framework.
Manjusaka is considered a Chinese sibling of Sliver and Cobalt Strike. Both are legitimate adversary emulation frameworks that researchers believe have been repurposed by threat actors to carry out post-exploitation activities, including lateral movement, network reconnaissance, and facilitating the deployment of follow-on payloads.
Manjusaka means "cow flower" and is written in Rust. It is advertised as equivalent to the Cobalt Strike framework and can target computers running both Windows and Linux. The developers of this hacking framework are believed to be located in China, specifically in the Guangdong region.
The researchers note that the implant consists of many remote access trojan (RAT) capabilities. These include standard functionality as well as a dedicated file management module.
The supported features include executing arbitrary commands, gathering passwords, and harvesting credentials from web browsers such as Google Chrome, Opera, Brave, Qihoo 360, Tencent QQ Browser, and Vivaldi. It is also able to collect comprehensive system information.
Manjusaka can also launch the file management module and carry out various activities, including managing files and directories and enumerating files on compromised systems.
According to the researchers, the existence and availability of Manjusaka indicates that freely available offensive tooling is popular with both crimeware and APT operators.
Furthermore, they believe this new attack framework has all the features one would expect from an implant, but it is written in a highly portable, modern programming language. It can therefore easily be ported to new target platforms, including MacOSX.