After spotting an increased number of VirusTotal payloads for the Go-based implementation of the Cobalt Strike beacon, called Geacon, researchers warn that it is likely that threat actors will abuse the tool in order to target macOS devices.

Cobalt Strike is a legitimate adversary simulation tool used by red teams; however, it has also been abused by threat actors to target the Windows platform. The Geacon project, meanwhile, first appeared on GitHub four years ago as a Cobalt Strike alternative for macOS devices.

“We have observed a number of Geacon payloads appearing on VirusTotal in recent months,” said Phil Stokes and Dinesh Devadoss with SentinelLabs on Monday. “While some of these are likely red-team operations, others bear the characteristics of genuine malicious attacks.”

After an anonymous developer in October created two Geacon forks, public and private Geacon projects were added in April to the 404 Starlink Project, a public repository of open source red-team and penetration tools that is maintained by the Zhizhi Chuangyu Laboratory. That same month, researchers found two Geacon payloads on VirusTotal.