BAIJIU: New Malware Abuses Popular Japanese Web Hosting Service
released on 2017-05-12 @ 11:38:57 PM
BAIJIU’s goal in this attack was to deploy a set of espionage tools through a downloader we call TYPHOON and a set of backdoors we call LIONROCK.
Three distinctive elements of BAIJIU drew and held our attention: the unusual complexity of the attack; the appropriation of the web hosting service GeoCities (of 1990s fame); and the use of multiple methods of obfuscation.