DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1
Common Information
Type Value
UUID d9a6901d-1701-410c-8746-36cca836cdea
Fingerprint 28051173ad23254c
Analysis status DONE
Considered CTI value 2
Text language
Published July 15, 2024, midnight
Added to db Aug. 31, 2024, 10:41 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1
Title DodgeBox: A deep dive into the updated arsenal of APT41 | Part 1
Detected Hints/Tags/Attributes 84/3/88
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 405 Blogs Feed https://www.zscaler.com/blogs/feeds 2024-08-30 22:08
Attributes
Type #Events CTI Value
Domain 285 microsoft.net
Domain 34 system.data
Domain 10 windows.storage
File 62 taskhost.exe
File 83 sbiedll.dll
File 1 sbiedll.dat
File 2 sandboxiewuau.exe
File 533 ntdll.dll
File 51 system.dat
File 1260 explorer.exe
File 6 mscms.dll
File 1 roboform-x64.dll
File 229 advapi32.dll
File 52 bcrypt.dll
File 12 bcryptprimitives.dll
File 7 cfgmgr32.dll
File 21 combase.dll
File 40 cryptbase.dll
File 25 cryptsp.dll
File 6 dhcpcsvc.dll
File 5 dhcpcsvc6.dll
File 37 dnsapi.dll
File 6 fwpuclnt.dll
File 76 gdi32.dll
File 7 gdi32full.dll
File 16 iertutil.dll
File 16 imm32.dll
File 53 iphlpapi.dll
File 7 appcore.dll
File 748 kernel32.dll
File 82 kernelbase.dll
File 5 msvcp_win.dll
File 80 msvcrt.dll
File 15 mswsock.dll
File 3 napinsp.dll
File 6 nlaapi.dll
File 6 nsi.dll
File 9 ntmarta.dll
File 47 oleaut32.dll
File 3 ondemandconnroutehelper.dll
File 3 pnrpnsp.dll
File 9 powrprof.dll
File 22 apphelp.dll
File 13 profapi.dll
File 8 rasadhlp.dll
File 41 rpcrt4.dll
File 12 rsaenh.dll
File 16 sechost.dll
File 10 shcore.dll
File 185 shell32.dll
File 69 shlwapi.dll
File 20 sspicli.dll
File 15 ucrtbase.dll
File 50 urlmon.dll
File 291 user32.dll
File 37 userenv.dll
File 6 webio.dll
File 9 win32u.dll
File 10 storage.dll
File 34 winhttp.dll
File 146 wininet.dll
File 4 winnlsres.dll
File 6 winnsi.dll
File 5 winrnr.dll
File 11 winsta.dll
File 130 ws2_32.dll
File 2 wshbth.dll
File 41 wtsapi32.dll
MITRE ATT&CK Techniques 227 T1574.002
MITRE ATT&CK Techniques 48 T1480
MITRE ATT&CK Techniques 18 T1480.001
MITRE ATT&CK Techniques 627 T1027
MITRE ATT&CK Techniques 28 T1027.007
MITRE ATT&CK Techniques 91 T1620
MITRE ATT&CK Techniques 239 T1106
MITRE ATT&CK Techniques 298 T1562.001
Threat Actor Identifier - APT 522 APT41