DodgeBox: A deep dive into the updated arsenal of APT41
Essential information
- Published
- 11/07/2024 12:05
- Modified
- 11/07/2024 12:33
- Tags
- 2024-07-11 china dodgebox evasion loader moonwalk nationstate stealthvector
- Related entities
- 1 observables, 1 intrusion sets (apt), 6 techniques (mitre), 2 malware, 4 others
Description
This blog post provides an in-depth technical analysis of a newly discovered malware loader called DodgeBox, which is attributed to the China-based advanced persistent threat (APT) actor APT41. DodgeBox incorporates various evasion techniques such as call stack spoofing, DLL sideloading, DLL hollowing, and environmental guardrails to evade detection. The analysis also highlights the similarities between DodgeBox and the previously known StealthVector tool associated with APT41, leading to the attribution of this new malware to the same threat actor with moderate confidence.