MoonWalk: A deep dive into the updated arsenal of APT41 (Part 1 | Part 2)

    Date: 07/25/2024

    Severity: Medium

    Summary

    In April 2024, Zscaler ThreatLabz discovered DodgeBox, a new loader. On investigation it was linked to variants of the StealthVector loader used by APT41 (also tracked as Earth Baku). DodgeBox in turn loads MoonWalk, a new backdoor that shares DodgeBox's evasion techniques and uses Google Drive as its command-and-control (C2) channel.

    Indicators of Compromise (IOC) List

    MD5 hashes

    0d068b6d0523f069d1ada59c12891c4a
    b3067f382d70705d4c8f6977a7d7bee4
    294cc02db5a122e3a1bc4f07997956da
    bcac2cbda36019776d7861f12d9b59c4
    f062183da590aba5e911d2392bc29181
    4141c4b827ff67c180096ff5f2cc1474
    bc85062de0f70afd44bb072b0b71a8cc
    72070b165d1f11bd4d009a81bf28a3e5
    f0953ed4a679b987a2da955788737602
    393065ef9754e3f39b24b2d1051eab61
    d72f202c1d684c9a19f075290a60920f

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Hash

    md5hash IN ("4141c4b827ff67c180096ff5f2cc1474","d72f202c1d684c9a19f075290a60920f","bc85062de0f70afd44bb072b0b71a8cc","b3067f382d70705d4c8f6977a7d7bee4","393065ef9754e3f39b24b2d1051eab61","294cc02db5a122e3a1bc4f07997956da","0d068b6d0523f069d1ada59c12891c4a","bcac2cbda36019776d7861f12d9b59c4","f0953ed4a679b987a2da955788737602","72070b165d1f11bd4d009a81bf28a3e5","f062183da590aba5e911d2392bc29181")
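    The query above does a straight set membership check on the md5hash field. The following is an added example, not code from Gurucul or from the Zscaler write-ups, that performs the same check outside the TDIR platform: it normalises hash case (telemetry sources disagree on upper- versus lower-case hex, and an unnormalised comparison silently misses hits), matches constructed sample endpoint events against the IOC list above, and includes a chunked file hasher for hunting on disk. Host names and paths in the sample events are hypothetical. Note that hash matching only finds the specific samples already catalogued; recompiled or repacked DodgeBox/MoonWalk builds will not match, so pair it with behavioural detections.

```python
"""Added example: match endpoint telemetry against the DodgeBox/MoonWalk MD5 IOCs.
Not part of the original advisory or of the Zscaler research."""
import hashlib

# IOC MD5 hashes copied from the list above.
IOC_MD5 = {
    "0d068b6d0523f069d1ada59c12891c4a",
    "b3067f382d70705d4c8f6977a7d7bee4",
    "294cc02db5a122e3a1bc4f07997956da",
    "bcac2cbda36019776d7861f12d9b59c4",
    "f062183da590aba5e911d2392bc29181",
    "4141c4b827ff67c180096ff5f2cc1474",
    "bc85062de0f70afd44bb072b0b71a8cc",
    "72070b165d1f11bd4d009a81bf28a3e5",
    "f0953ed4a679b987a2da955788737602",
    "393065ef9754e3f39b24b2d1051eab61",
    "d72f202c1d684c9a19f075290a60920f",
}

HEX_DIGITS = set("0123456789abcdef")


def normalize_md5(value):
    """Lower-case and strip the value; return None unless it is 32 hex characters.
    Upper-case hashes are common in some EDR exports, so compare in one case."""
    v = (value or "").strip().lower()
    if len(v) != 32 or any(c not in HEX_DIGITS for c in v):
        return None
    return v


def md5_of_bytes(data):
    """MD5 hex digest of an in-memory buffer."""
    return hashlib.md5(data).hexdigest()


def hash_file(path, chunk_size=1 << 20):
    """MD5 of a file on disk, read in chunks so large binaries do not load fully."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def match_events(events):
    """Return the events whose md5hash is on the IOC list, with the hash normalised.
    This is the same membership test the Gurucul query expresses with md5hash IN (...)."""
    hits = []
    for ev in events:
        h = normalize_md5(ev.get("md5hash"))
        if h is not None and h in IOC_MD5:
            hits.append({**ev, "md5hash": h})
    return hits


# Constructed sample telemetry (hypothetical hosts and paths, not from the reports).
SAMPLE_EVENTS = [
    # Upper-case hash: would be missed without normalisation.
    {"host": "ws-0412", "path": r"C:\Temp\a.dll",
     "md5hash": "BCAC2CBDA36019776D7861F12D9B59C4"},
    # Benign hash: no match.
    {"host": "ws-0413", "path": r"C:\Temp\b.dll",
     "md5hash": "0123456789abcdef0123456789abcdef"},
    # Malformed value from a broken log line: rejected rather than matched.
    {"host": "ws-0414", "path": r"C:\Temp\c.exe", "md5hash": "not-a-hash"},
    # Lower-case IOC hash: direct match.
    {"host": "ws-0415", "path": r"C:\Temp\d.exe",
     "md5hash": "d72f202c1d684c9a19f075290a60920f"},
]

if __name__ == "__main__":
    for hit in match_events(SAMPLE_EVENTS):
        print(f"IOC match on {hit['host']}: {hit['path']} ({hit['md5hash']})")
```

    To hunt on a host, feed hash_file() over the paths of interest and test each result against IOC_MD5; the normalisation step matters equally there, since hashlib already returns lower-case hex but imported hash lists may not.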

    References:

    https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1#indicators-of-compromise--iocs-

    https://www.zscaler.com/blogs/security-research/moonwalk-deep-dive-updated-arsenal-apt41-part-2#indicators-of-compromise--iocs-
