DodgeBox: A deep dive into the updated arsenal of APT41

July 11, 2024, 12:33 p.m.

Description

This blog post provides an in-depth technical analysis of a newly discovered malware loader called DodgeBox, which is attributed to the China-based advanced persistent threat (APT) actor APT41. DodgeBox incorporates various evasion techniques such as call stack spoofing, DLL sideloading, DLL hollowing, and environmental guardrails to evade detection. The analysis also highlights the similarities between DodgeBox and the previously known StealthVector tool associated with APT41, leading to the attribution of this new malware to the same threat actor with moderate confidence.

Date

  • Created: July 11, 2024, 12:05 p.m.
  • Published: July 11, 2024, 12:05 p.m.
  • Modified: July 11, 2024, 12:33 p.m.

Indicators

  • bc92e8e964e0492b3595d9470e59941bded90082040ac436583b9f3269e1e550

Attack Patterns

  • MoonWalk
  • DodgeBox
  • APT41

Additional Information

  • British Indian Ocean Territory
  • India
  • Taiwan
  • Thailand