Today > | 7 High | 23 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

The Dark Knight Returns: Joker malware analysis

Oct. 3, 2024, 3:21 p.m.

Description

The report details sophisticated command and control (C2) techniques employed by the APT41 threat group. APT41 uses custom malware and legitimate tools to maintain persistent access to compromised networks while evading detection. Key techniques include DNS tunneling, domain fronting, and steganography to hide C2 traffic. The group also leverages cloud services and social media platforms as C2 channels. APT41 continually evolves their tactics to bypass security controls, making attribution and detection challenging. The report provides technical details on APT41's C2 infrastructure and recommendations for defending against their techniques.

Date

Published: Oct. 3, 2024, 2:43 p.m.

Created: Oct. 3, 2024, 2:43 p.m.

Modified: Oct. 3, 2024, 3:21 p.m.

Indicators

77c33a576601f466d7d8cc261e8ca4a2fdc490175b4cc82eec40a640a57b29d3

https://epayment.teleaudio.pl/api2/typeundef_

https://epayment.teleaudio.pl/api2/ta/direct/status/

https://epayment.teleaudio.pl/api2/ta/direct/confirm

http://kamisatu.top/setting/scenery

window.jbridge.call

epayment.teleaudio.pl

kamisatu.top

Attack Patterns

APT41

T1572

T1573

T1071

T1102

T1132

T1001