| Category | Details |
|---|---|
| Threat Actors | Not attributed; the source does not name an actor or group. |
| Campaign Overview | New backdoor, "Yokai", delivered to Thai government officials via DLL side-loading. The lure is a RAR archive containing Windows shortcut (LNK) files with Thai-language names that pose as documents about a legal case. |
| Target Regions (Or Victims) | Thai government officials; lure documents reference the US Department of Justice and international cooperation in criminal matters. |
| Methodology | – Initial access vector is suspected to be spear-phishing carrying the RAR archive. – Each shortcut opens a decoy PDF or Word document for the victim while silently launching a dropper. – The dropper writes the legitimate iTop Data Recovery binary "IdrInit.exe" together with a malicious DLL into the same directory; the executable side-loads the DLL, which is the Yokai backdoor. – Yokai establishes persistence, contacts its command-and-control (C2) server and executes remote commands on the host. |
| Product Targeted | Windows hosts; no product vulnerability is exploited, the technique relies on a legitimate signed binary trusting a DLL beside it. |
| Malware Reference | Yokai (backdoor). The same article also covers two unrelated campaigns: NodeLoader (Node.js-compiled loaders) and Remcos RAT; neither is part of the Yokai intrusion. |
| Tools Used | DLL side-loading through the legitimate iTop Data Recovery binary "IdrInit.exe". |
| Vulnerabilities Exploited | – None for Yokai; it abuses a legitimate application (iTop Data Recovery) rather than a software flaw. – CVE-2017-11882 (Microsoft Equation Editor RCE) and the abuse of RegAsm.exe belong to the separate Remcos RAT campaign described in the same article. |
| TTPs | – DLL side-loading for execution and defense evasion (the backdoor, not the side-loading itself, sets up persistence). – C2 channel for receiving and executing remote commands. – Phishing lures with decoy documents and obfuscated payloads. – Fileless execution is reported for the Remcos RAT campaign, not for Yokai. |
| Attribution | Not provided by the source; the targeting of government officials and the tailored lures indicate a deliberate, targeted operation, but no group is named. |
| Recommendations | – Educate users about phishing risks, in particular archives containing shortcut files that pose as documents. – Detect DLL side-loading: alert when a signed binary running from a user-writable directory (Temp, AppData, Downloads) loads an unsigned DLL from that same directory, and restrict execution from such paths with AppLocker or WDAC. – Apply patches for known vulnerabilities (e.g., CVE-2017-11882) to close the related Remcos RAT vector. |
| Source | The Hacker News |
Read full article: https://thehackernews.com/2024/12/thai-officials-targeted-in-yokai.html
The above summary has been generated by an AI language model
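The detection recommendation above can be turned into a concrete triage rule. The following is an added example, not code from the article, from Netskope or from any vendor: it parses rendered Sysmon Event ID 7 (Image loaded) messages and flags a DLL that a process loads from its own directory when that directory is user-writable and the DLL is not validly signed. The heuristic, the directory list and the sample events are assumptions constructed for illustration; "IdrInit.exe" is the legitimate iTop Data Recovery binary the article names, while the DLL file name and every path are invented.

```python
"""Triage Sysmon Event ID 7 (Image loaded) records for DLL side-loading.

Added example, not the article's or Netskope's code. Heuristic (an assumption
for illustration): flag a DLL loaded from the same directory as the host
process image when that directory is user-writable and the DLL is not
validly signed. Sample events are constructed; IdrInit.exe is the legitimate
iTop Data Recovery binary named in the article, the DLL name and paths are
invented.
"""
import ntpath
from dataclasses import dataclass

# Directory fragments treated as user-writable (assumption; tune per estate).
USER_WRITABLE = (
    "\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\", "\\programdata\\",
)


@dataclass(frozen=True)
class ImageLoad:
    image: str          # Sysmon "Image": the process doing the loading
    image_loaded: str   # Sysmon "ImageLoaded": the DLL that was mapped
    signed: bool        # Sysmon "Signed": refers to the loaded DLL
    sig_status: str     # Sysmon "SignatureStatus": e.g. Valid, Unavailable


def parse_event(block: str) -> ImageLoad:
    """Parse the 'Key: Value' lines of one rendered Sysmon event message."""
    fields = {}
    for line in block.strip().splitlines():
        key, sep, value = line.partition(": ")   # first ': ' only; keeps 'C:\' intact
        if sep:
            fields[key.strip()] = value.strip()
    return ImageLoad(
        image=fields["Image"],
        image_loaded=fields["ImageLoaded"],
        signed=fields.get("Signed", "false").lower() == "true",
        sig_status=fields.get("SignatureStatus", "Unavailable"),
    )


def is_side_load_candidate(ev: ImageLoad) -> bool:
    """True when the load matches the side-loading pattern described above."""
    proc_dir = ntpath.dirname(ev.image).lower()
    dll_dir = ntpath.dirname(ev.image_loaded).lower()
    if proc_dir != dll_dir:
        return False                      # DLL came from elsewhere, e.g. System32
    if not any(marker in proc_dir + "\\" for marker in USER_WRITABLE):
        return False                      # installed location, e.g. Program Files
    return not (ev.signed and ev.sig_status.lower() == "valid")


def triage(blocks):
    """Return (host image, DLL path) for every candidate, in input order."""
    return [
        (ev.image, ev.image_loaded)
        for ev in map(parse_event, blocks)
        if is_side_load_candidate(ev)
    ]


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # Vendor binary dropped into Temp loads an unsigned DLL beside it: candidate.
    """Image loaded:
RuleName: -
Image: C:\\Users\\victim\\AppData\\Local\\Temp\\IdrInit.exe
ImageLoaded: C:\\Users\\victim\\AppData\\Local\\Temp\\hypothetical_sideloaded.dll
Signed: false
SignatureStatus: Unavailable""",
    # Same binary loading a Microsoft-signed system DLL: benign.
    """Image loaded:
RuleName: -
Image: C:\\Users\\victim\\AppData\\Local\\Temp\\IdrInit.exe
ImageLoaded: C:\\Windows\\System32\\kernel32.dll
Signed: true
SignatureStatus: Valid""",
    # Unsigned plug-in beside a properly installed app: not flagged, because the
    # directory is not user-writable under this heuristic.
    """Image loaded:
RuleName: -
Image: C:\\Program Files\\Example\\app.exe
ImageLoaded: C:\\Program Files\\Example\\plugin.dll
Signed: false
SignatureStatus: Unavailable""",
]

if __name__ == "__main__":
    for image, dll in triage(SAMPLE_EVENTS):
        print(f"side-load candidate: {image} -> {dll}")
```

The rule deliberately ignores DLLs loaded from outside the process directory and anything under an installed location, which keeps the noise from legitimate plug-in loading low; in production it should be paired with an allowlist of known vendor DLLs and a check that the host binary is itself signed, which Sysmon Event ID 7 does not record and has to come from the process-creation side.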