Tag: dll side-loading

9 Attack Reports | 0 Vulnerabilities

Attack reports

Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks

Pakistan-linked SideCopy APT has expanded its targeting to include Indian railways, oil & gas, and external affairs ministries. The group has shifted from HTA files to MSI packages for staging, employing advanced techniques like DLL side-loading and reflective loading. They are leveraging customize…
apt
rat
phishing
dll side-loading
multi-platform
msi
spark rat
2025-04-08
xeno rat
curlback rat
Published: April 8, 2025
Downloadable IOCs: 28

The Espionage Toolkit: A Closer Look at its Advanced Techniques

Earth Alux, a China-linked APT group, is actively conducting cyberespionage attacks against key sectors in the APAC and Latin American regions. The group exploits vulnerable services in exposed servers to gain initial access and deploys web shells like GODZILLA. Their primary backdoor, VARGEIT, is …
apt
cyberespionage
godzilla
dll side-loading
latin america
2025-03-31
apac
vargeit
railsetter
masqloader
rsbinject
railload
cobeacon
Published: March 31, 2025
Downloadable IOCs: 0

Legacy Driver Exploitation Through Bypassing Certificate Verification

A new security threat using the Legacy Driver Exploitation technique has been identified, focusing on remote system control via Gh0stRAT malware. The attack distributes malware through phishing and messaging apps, utilizing DLL side-loading for additional payloads. A modified TrueSight.sys driver b…
gh0strat
dll side-loading
avkiller
2025-03-18
padding manipulation
legacy driver exploitation
CVE-2013-3900
certificate verification
driver vulnerability
truesight.sys
Published: March 18, 2025
Downloadable IOCs: 3

Python Bot Delivered Through DLL Side-Loading

A sophisticated malware campaign employs DLL side-loading to deliver a Python bot. The attack begins with a ZIP archive containing a legitimate PDF reader executable and a hidden malicious DLL. When executed, the malicious DLL is loaded instead of the intended Microsoft one, altering the PDF reader…
persistence
dll side-loading
evasion techniques
bitbucket
2025-03-18
code obfuscation
pdf reader
python bot
Published: March 18, 2025
Downloadable IOCs: 0

Rat Race: ValleyRAT Malware Targets Organizations with New Delivery Techniques

ValleyRAT, a sophisticated multi-stage malware attributed to Silver Fox APT, has updated its tactics, techniques, and procedures. The malware targets key roles in finance, accounting, and sales departments using phishing emails, malicious websites, and instant messaging platforms. The infection cha…
phishing
persistence
valleyrat
keylogger
dll side-loading
c2 communication
anti-vm
2025-02-05
ghostrat
silver fox apt
Published: February 5, 2025
Downloadable IOCs: 12

Iranian Dream Job campaign

An Iranian campaign targeting the aerospace industry has been uncovered, distributing SnailResin malware through a 'dream job' scheme. Attributed to TA455, a subgroup of Charming Kitten, the campaign uses social engineering tactics on LinkedIn, impersonating recruiters to lure victims. The attack e…
evasion
iran
aerospace
dll side-loading
2024-11-12
linkedin
slugresin
dream job
charming kitten
snailresin
apt35
Published: November 12, 2024
Downloadable IOCs: 26

WINELOADER Analysis

APT29, also known as Cozy Bear, has targeted European diplomats using a sophisticated multi-stage attack chain involving a new modular backdoor called WINELOADER. The attack begins with a fake PDF invitation to a wine-tasting event, which leads to the download of a malicious HTA file. This file the…
backdoor
wineloader
evasion
modular
diplomats
dll side-loading
apt29
cozy bear
2024-11-07
dll hollowing
Published: November 7, 2024
Downloadable IOCs: 0

New Trend in MSI File Abuse: New Use of MST Files to Deliver Tromas

The New OceanLotus group has reactivated after a year, employing a novel tactic of MSI file misuse. This APT campaign, targeting a domestic governmental enterprise, marks the first observed use of the MSI TRANSFORMS technique by an APT group. The attack utilizes a legitimate Microsoft installation …
shellcode
dll side-loading
spear-phishing
2024-11-06
rust trojan
governmental targets
tromas
mst files
apt-q-31
msi abuse
Published: November 6, 2024
Downloadable IOCs: 0

Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders

A long-term intrusion targeting a Vietnamese human rights non-profit organization has been discovered, likely spanning at least four years. The attack shows significant overlaps with techniques used by APT32/OceanLotus, a threat actor known for targeting Vietnamese activists. The intrusion involved…
backdoor
apt
cobalt strike
persistence
steganography
vietnam
2024-09-03
dll side-loading
com hijacking
human rights
Published: September 3, 2024
Downloadable IOCs: 46
Click here to see more Attack Reports