Manjusaka: A Chinese sibling of Sliver and Cobalt Strike

Cisco Talos has discovered a relatively new attack framework, called “Manjusaka” by its authors (which can be translated to “cow flower” from the Simplified Chinese writing), being used in the wild.

As defenders, it is important to keep track of offensive frameworks such as Cobalt Strike and Sliver so that enterprises can effectively defend against attacks employing these tools. Although we haven’t observed widespread usage of this framework in the wild, it has the potential to be adopted by threat actors all over the world. This disclosure from Talos intends to provide early notification of the usage of Manjusaka. Talos researchers also detail the framework’s capabilities and the campaign that led to the discovery of this attack framework in the wild.

Source: Talos