Probing the DNS Depths of PeckBirdy Trend Micro's report exposes PeckBirdy, a JavaScript-based C2 framework used by China-aligned APTs since 2023 and linked to modular backdoors (HOLODONUT, MKDOOR), stolen code-signing certificates, Cobalt Strike payloads, and exploits including CVE-2020-16040. Researchers analyzed 56 IoCs (domains, subdomains, IPs, WHOIS emails), confirmed many as illegitimate or previously weaponized, and published sample artifacts and full findings for download. #PeckBirdy #HOLODONUT

Trend Micro uncovers PeckBirdy, a JavaScript C2 framework linked to China-aligned APTs since 2023. Tied to modular backdoors, stolen certificates, Cobalt Strike, and CVE-2020-16040 exploits. #PeckBirdy #ChinaAPT #CodeSigning

Alert: China-linked APTs are exploiting the PeckBirdy JavaScript framework in targeted cyber attacks. Stay vigilant and ensure your systems are updated. #CyberSecurity #APT #PeckBirdy Link: thedailytechfeed.com/china-linked...

🕊️ PeckBirdy is a JavaScript-based C2 framework used by China-aligned APTs since 2023. Tracked by Trend Micro it abuses LOLBins and legacy JScript to deliver malware via fake Chrome updates and injected websites, targeting gambling platforms and Asian orgs
#APT #China #Malware #ThreatIntel #PeckBirdy