Call stack spoofing explained using APT41 malware – CYBER GEEKS
Tags
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 46501eeb-ef9b-4df3-9b1c-d45c5273b16f |
| Fingerprint | 4a27c130ec19d215 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Oct. 17, 2024, midnight |
| Added to db | Oct. 18, 2024, 10:25 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Call stack spoofing explained using APT41 malware |
| Title | Call stack spoofing explained using APT41 malware – CYBER GEEKS |
| Detected Hints/Tags/Attributes | 17/1/10 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://cybergeeks.tech/call-stack-spoofing-explained-using-apt41-malware/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 91 | ✔ | CYBER GEEKS | https://cybergeeks.tech/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 84 | www.zscaler.com |
|
| Details | Domain | 20 | labs.withsecure.com |
|
| Details | File | 82 | kernelbase.dll |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 125 | ntoskrnl.exe |
|
| Details | File | 380 | notepad.exe |
|
| Details | sha256 | 3 | 33fd050760e251ab932e5ca4311b494ef72cee157b20537ce773420845302e49 |
|
| Details | Threat Actor Identifier - APT | 522 | APT41 |
|
| Details | Url | 3 | https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1 |
|
| Details | Url | 3 | https://labs.withsecure.com/publications/spoofing-call-stacks-to-confuse-edrs |