Call stack spoofing explained using APT41 malware
Tags
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 84e6f858-9189-48c0-891f-bee2443e182d |
| Fingerprint | ec15c91ac83a2abd |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Oct. 17, 2024, 12:56 p.m. |
| Added to db | Oct. 17, 2024, 3:52 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Call stack spoofing explained using APT41 malware |
| Title | Call stack spoofing explained using APT41 malware |
| Detected Hints/Tags/Attributes | 17/1/10 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 158 | ✔ | Malware Analysis, News and Indicators - Latest topics | https://malware.news/latest.rss | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 84 | www.zscaler.com |
|
| Details | Domain | 20 | labs.withsecure.com |
|
| Details | File | 82 | kernelbase.dll |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 125 | ntoskrnl.exe |
|
| Details | File | 380 | notepad.exe |
|
| Details | sha256 | 3 | 33fd050760e251ab932e5ca4311b494ef72cee157b20537ce773420845302e49 |
|
| Details | Threat Actor Identifier - APT | 522 | APT41 |
|
| Details | Url | 3 | https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1 |
|
| Details | Url | 3 | https://labs.withsecure.com/publications/spoofing-call-stacks-to-confuse-edrs |