IOC Radar
TLP:WHITE · 1 IOC

Call stack spoofing explained using APT41 malware

Cyber Geeks
Published October 17, 2024 · Original Report

Threat Actors

Diamond Model

Adversary: APT41
Infrastructure: unknown
Capability: unknown
Victim: unknown

Attack Flow (8 steps · MITRE ATT&CK mapped)

Step 1 of 8 · Execution (TA0002) · T1059 Command and Scripting Interpreter
Action: Decrypt strings at runtime
Malware decrypts relevant strings at runtime using AES with a hard-coded key.


Indicators of Compromise (1)

Type: SHA256
Indicator: 33fd050760e251ab932e5ca4311b494ef72cee157b20537ce773420845302e49
Tags: file-hash, indicator, intel-blog
Confidence: Medium
Score: 53
First Seen: Jun 2, 26
