DodgeBox: A deep dive into the updated arsenal of APT41

    Date: 07/13/2024

    Severity: Medium

    Summary

"DodgeBox" is the name Zscaler ThreatLabz gave to a new loader that has been added to the malware arsenal of APT41, a Chinese advanced persistent threat (APT) group, and documented in the July 2024 report linked under References. The loader packs additional evasion techniques that make the group's intrusions harder for endpoint and network defenses to detect, and its appearance shows that APT41 continues to develop its tooling and remains a persistent threat to organizations worldwide. The MD5 hashes below are the file indicators published with that report; use them for retrospective hunting and in the detection query that follows.

    Indicators of Compromise (IOC) List

Hash (MD5)

0d068b6d0523f069d1ada59c12891c4a
b3067f382d70705d4c8f6977a7d7bee4
d72f202c1d684c9a19f075290a60920f
294cc02db5a122e3a1bc4f07997956da
393065ef9754e3f39b24b2d1051eab61
bcac2cbda36019776d7861f12d9b59c4
f062183da590aba5e911d2392bc29181
4141c4b827ff67c180096ff5f2cc1474
bc85062de0f70afd44bb072b0b71a8cc
72070b165d1f11bd4d009a81bf28a3e5
f0953ed4a679b987a2da955788737602

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

Hash (MD5; covers all 11 values from the IOC list above)

md5hash IN ("0d068b6d0523f069d1ada59c12891c4a","b3067f382d70705d4c8f6977a7d7bee4","d72f202c1d684c9a19f075290a60920f","294cc02db5a122e3a1bc4f07997956da","393065ef9754e3f39b24b2d1051eab61","bcac2cbda36019776d7861f12d9b59c4","f062183da590aba5e911d2392bc29181","4141c4b827ff67c180096ff5f2cc1474","bc85062de0f70afd44bb072b0b71a8cc","72070b165d1f11bd4d009a81bf28a3e5","f0953ed4a679b987a2da955788737602")
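The script below is an added example, not code from Gurucul or from the Zscaler report, for putting the MD5 list above to work outside the TDIR platform: it hashes files under a directory tree and reports any that match, renders an IN (...) clause in the same shape as the query above, and checks that a query string actually mentions every published IOC (a hand-maintained hash list drifts easily). The IOC values are copied from the list above; the directory layout, file names and file contents in demo() are constructed for the example and match no real sample.

```python
"""Offline check of the DodgeBox MD5 IOC list: hash files on disk, compare
against the list, and confirm a detection query covers every listed IOC."""
from __future__ import annotations

import hashlib
import re
import tempfile
from pathlib import Path
from typing import Iterable

# The 11 MD5 values from the IOC list above (Zscaler's DodgeBox IOCs).
DODGEBOX_MD5 = frozenset({
    "0d068b6d0523f069d1ada59c12891c4a",
    "b3067f382d70705d4c8f6977a7d7bee4",
    "d72f202c1d684c9a19f075290a60920f",
    "294cc02db5a122e3a1bc4f07997956da",
    "393065ef9754e3f39b24b2d1051eab61",
    "bcac2cbda36019776d7861f12d9b59c4",
    "f062183da590aba5e911d2392bc29181",
    "4141c4b827ff67c180096ff5f2cc1474",
    "bc85062de0f70afd44bb072b0b71a8cc",
    "72070b165d1f11bd4d009a81bf28a3e5",
    "f0953ed4a679b987a2da955788737602",
})

# Any 32-hex-digit token in a query string is taken to be an MD5 value.
MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")


def build_hash_query(iocs: Iterable[str], field: str = "md5hash") -> str:
    """Render an IN (...) clause in the shape of the advisory's TDIR query."""
    quoted = ",".join(f'"{h.lower()}"' for h in sorted(set(iocs)))
    return f"{field} IN ({quoted})"


def iocs_missing_from_query(query: str, iocs: Iterable[str]) -> set[str]:
    """IOCs the query never mentions: the coverage check that catches a
    hand-maintained IN (...) list drifting away from the published list."""
    present = {m.lower() for m in MD5_RE.findall(query)}
    return {h.lower() for h in iocs} - present


def md5_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so large binaries are not read into memory at once.
    usedforsecurity=False keeps MD5 usable on FIPS-restricted Python builds."""
    h = hashlib.md5(usedforsecurity=False)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root: Path, iocs: Iterable[str] = DODGEBOX_MD5) -> list[tuple[Path, str]]:
    """Walk root and return (path, md5) for every regular file whose MD5 is in iocs."""
    wanted = {h.lower() for h in iocs}
    hits: list[tuple[Path, str]] = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        try:
            digest = md5_of_file(p)
        except OSError:
            continue  # locked, unreadable, or removed between listing and open
        if digest in wanted:
            hits.append((p, digest))
    return hits


def demo() -> tuple[int, int, int]:
    """Self-contained run over a constructed temp directory (no real samples).
    Returns (hits against the published IOC list, hits against a custom list
    seeded with the hash of one constructed file, files scanned)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "benign.txt").write_bytes(b"nothing to see here")
        suspect = root / "lib" / "sideload.dll"  # constructed name, not a real artifact
        suspect.parent.mkdir()
        suspect.write_bytes(b"constructed stand-in for a DodgeBox sample")
        real_hits = scan_tree(root)                       # constructed bytes match no IOC
        custom = scan_tree(root, {md5_of_file(suspect)})  # seeded list does match
        total = sum(1 for p in root.rglob("*") if p.is_file())
    return len(real_hits), len(custom), total


if __name__ == "__main__":
    print(demo())
```

Hash matching is the most brittle kind of detection: a rebuilt or re-packed loader gets a new MD5, so treat a hit as confirmation and a miss as no information, and pair this with behavioural telemetry (DLL side-loading from unusual paths, process injection) rather than relying on the hash list alone. Run `iocs_missing_from_query()` against any query you deploy; the published query above had drifted from its own IOC list by three hashes before it was corrected.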

References:

    https://thehackernews.com/2024/07/chinese-apt41-upgrades-malware-arsenal.html

    https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1#indicators-of-compromise--iocs-
