The Leap of a Cycldek-related Threat Actor
released on 2021-04-07 @ 03:51:45 PM
In the nebula of Chinese-speaking threat actors, it is quite common to see tools and methodologies being shared. One such example of this is the infamous “DLL side-loading triad”: a legitimate executable, a malicious DLL to be side-loaded by it, and an encoded payload, generally dropped from a self-extracting archive. In this blog post Kaspersky describes an investigation which caught their attention due to the various improvements a loader brought to this well-known infection vector.