What is the LODEINFO malware? Analysis of LODEINFO The infection flow Update of the Downloader Shellcode Remote Template Injection Maldoc VBA code embedded in Maldoc Microsoft Office language check The Downloader Shellcode Fake PEM file decryption Deployment of LODEINFO Backdoor Shellcode loaded int…| Researcher Blog - ITOCHU Cyber & Intelligence Inc.
Introduction About Windows Sandbox Windows Enable Windows Sandbox Default user Windows Defender settings Configuration file (.wsb) Virtual Hard Disk (VHDX) The attack methods Emerging threats Monitoring and Investigation for Windows Sandbox Monitoring Monitoring for host machine and network Monitori…| Researcher Blog - ITOCHU Cyber & Intelligence Inc.
Introduction Malware group History Analysis of BloodAlchemy Initial infection vector and infection flow Analysis of malicious DLL Analysis of shellcode Analysis of payload (BloodAlchemy) Structures Functions Creation of VFT associated with each communication protocol Backdoor commands The code simil…| Researcher Blog - ITOCHU Cyber & Intelligence Inc.
Background What is Tropic Trooper? The Need for Attribution Overall picture of the campaign Similarities to previous samples Similarities between EntryShell and KeyBoy Relationship between the new malware CrowDoor and FamousSparrow What is FamousSparrow? A new malware CrowDoor Summary Special thanks…| Researcher Blog - ITOCHU Cyber & Intelligence Inc.
Introduction Infection flow Malicious email Analysis results Discussion Countermeasures IoCs This post is also available in: Japanese Introduction ITOCHU Cyber & Intelligence Inc. (abbr.: ICI) routinely observes a large volume of spam emails to identify new attack tactics and the early stages of mass-at…| Researcher Blog - ITOCHU Cyber & Intelligence Inc.
Summary Targeted Attack Mail Attachments Infection flow of malware Launching shortcut files Malware Analysis and Description of Operation Installer Operation Loader Operation Attacker’s mistake? The threat actor Countermeasures IoCs Destination of Cobalt Strike Beacon (C2 Server) Details of each fil…| Researcher Blog - ITOCHU Cyber & Intelligence Inc.