| Category | Details |
|---|---|
| Threat Actors | Likely cybercriminals leveraging DLL side-loading; specific attribution unknown. |
| Campaign Overview | New backdoor “Yokai” targeting Thai government officials using DLL side-loading; phishing lures with RAR files. |
| Target Regions (Or Victims) | Thai government officials; lures focus on legal cases involving international cooperation. |
| Methodology | Initial vector suspected to be spear-phishing; lures use shortcut files that open decoy documents while dropping malicious executables. |
| Product Targeted | Devices running Windows; exploits legitimate binaries for DLL side-loading. |
| Malware Reference | Yokai (backdoor), NodeLoader, Remcos RAT. |
| Tools Used | DLL side-loading with legitimate binaries (e.g., “IdrInit.exe”). |
| Vulnerabilities Exploited | CVE-2017-11882 (Microsoft Equation Editor RCE); abuse of legitimate applications (e.g., RegAsm.exe, iTop Data Recovery). |
| TTPs | DLL side-loading for persistence; command and control (C2) for remote commands; phishing lures with decoy documents and obfuscated payloads; fileless malware execution. |
| Attribution | Target and methodology suggest a sophisticated threat actor; exact attribution not provided. |
| Recommendations | Educate users about phishing risks; use security tools to detect DLL side-loading; apply patches for known vulnerabilities (e.g., CVE-2017-11882). |
| Source | The Hacker News |
Read full article: https://thehackernews.com/2024/12/thai-officials-targeted-in-yokai.html
The above summary has been generated by an AI language model.