Along with the IPfuscation technique, we have identified a number of markers which have allowed us to pivot into additional discoveries around the actor or group behind this campaign. In this post, we describe this novel technique as it is used across several variants of malware. The sample at the end of this chain is not necessarily sophisticated or particularly novel, but it does leverage an interesting obfuscation technique that we have dubbed “IPfuscation”. In a recent IR engagement, our team happened upon a rather interesting packer ( aka crypter or obfuscator) that was ultimately utilized to construct and execute shellcode responsible for downloading a Cobalt Strike Beacon. By James Haughom, Antonis Terefos, Jim Walter, Jeff Cavanaugh, Nick Fox, and Shai Tilias Overview
0 Comments
Leave a Reply. |