mcmastersteve on Nostr: A group believed to be a subset of APT10, abuses WSB (Windows Sandbox) by creating a ...
A group believed to be a subset of APT10 abuses WSB (Windows Sandbox) by creating a .wsb configuration file and using it to spin up an instance of the Windows Sandbox.
This is interesting because Windows Defender cannot access the Windows Sandbox.
The payload enables folder sharing, network access, clipboard access, microphone access, and video access.
Published at 2025-04-12 06:26:41
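A defender-side check for the settings named in the post, added here as an example and not part of the original post: it parses a .wsb file and reports explicitly enabled network, clipboard, microphone and video access, plus any mapped host folders. The element names are those of the Windows Sandbox configuration format; the sample configuration and its folder path are constructed.

```python
import xml.etree.ElementTree as ET

# .wsb element names for the capabilities the post lists.
TOGGLES = {
    "Networking": "network access",
    "ClipboardRedirection": "clipboard access",
    "AudioInput": "microphone access",
    "VideoInput": "video access",
}

def audit_wsb(xml_text):
    """Return findings for one .wsb document (explicit settings only;
    omitted elements fall back to Windows defaults, not evaluated here)."""
    # A .wsb file needs no DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["rejected: DTD present"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"unparseable: {exc}"]
    if root.tag != "Configuration":
        return [f"unexpected root element: {root.tag}"]
    findings = []
    for tag, label in TOGGLES.items():
        if (root.findtext(tag) or "").strip().lower() == "enable":
            findings.append(f"{label} explicitly enabled")
    for folder in root.iter("MappedFolder"):
        host = (folder.findtext("HostFolder") or "").strip()
        read_only = (folder.findtext("ReadOnly") or "false").strip().lower()
        mode = "read-only" if read_only == "true" else "writable"
        findings.append(f"folder sharing: {host} ({mode})")
    return findings

# Constructed sample, not taken from any real intrusion.
SAMPLE_WSB = r"""<Configuration>
  <Networking>Enable</Networking>
  <ClipboardRedirection>Enable</ClipboardRedirection>
  <AudioInput>Enable</AudioInput>
  <VideoInput>Disable</VideoInput>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Example\Shared</HostFolder>
      <ReadOnly>false</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>"""

if __name__ == "__main__":
    print("\n".join(audit_wsb(SAMPLE_WSB)))
```

Run it over .wsb files found on endpoints and review any that appear outside locations where administrators are expected to create them.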