DodgeBox: A deep dive into the updated arsenal of APT41

July 11, 2024, 12:33 p.m.

Description

This blog post provides an in-depth technical analysis of a newly discovered malware loader called DodgeBox, which is attributed to the China-based advanced persistent threat (APT) actor APT41. DodgeBox incorporates various evasion techniques such as call stack spoofing, DLL sideloading, DLL hollowing, and environmental guardrails to evade detection. The analysis also highlights the similarities between DodgeBox and the previously known StealthVector tool associated with APT41, leading to the attribution of this new malware to the same threat actor with moderate confidence.

Date

Published: July 11, 2024, 12:05 p.m.
Created: July 11, 2024, 12:05 p.m.
Modified: July 11, 2024, 12:33 p.m.

Indicators

bc92e8e964e0492b3595d9470e59941bded90082040ac436583b9f3269e1e550

Attack Patterns

MoonWalk

DodgeBox

APT41

T1480.001

T1574.002

T1480

T1562.001

T1106

T1027

Additional Information

British Indian Ocean Territory

India

Taiwan

Thailand