cR0w on Nostr: The PoolParty process injection techniques are new to me. If they are new to you too, ...
Published at 2024-05-29 16:39:29

Event JSON
{
"id": "ffa24511ccc842c1f39817b2746da2fba19e89ca703b5ddf41e213933e5504c5",
"pubkey": "14609e2d429cc6b47de05d41a9840716e4d2e0bec59e8bbf79ad79dd7c5def64",
"created_at": 1717000769,
"kind": 1,
"tags": [
[
"t",
"threatintel"
],
[
"proxy",
"https://infosec.exchange/users/cR0w/statuses/112525362397382206",
"activitypub"
]
],
"content": "The PoolParty process injection techniques are new to me. If they are new to you too, it might be worth reading up on them. I've seen it a few times now in the last couple weeks.\n\nhttps://github.com/SafeBreach-Labs/PoolParty\n\nhttps://www.safebreach.com/blog/process-injection-using-windows-thread-pools\n\nhttps://youtu.be/AvBO4f7blew\n\n#threatintel",
"sig": "81365d3c5a6dcb30d073e626772cca1d94894d4f9f4b5ce13e00ea6aac5ecc43436d925c23173c576194b85f99b569239e04744551c8bf4ef8e8e9eac1fc35db"
}