New APT Group Using Custom Malware to Attack Manufacturing & IT Industries
released on 2023-10-12 @ 04:22:50 PM
The activity centres on DLL sideloading through SbieDll_Hook, an exported function of Sandboxie's SbieDll.dll. The sideloaded DLL is used to load tools including the Cobalt Strike Stager, Cobalt Strike Beacon, the Havoc framework, and NetSpy; it decrypts an encrypted payload stored in a file named imfsb.ini. The threat actors then exploited CVE-2019-0803, a Windows Win32k elevation of privilege vulnerability, to run shellcode that terminates the processes listed in processlist.txt, and finally deployed Mimikatz for credential dumping.
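As an added hunting example (not code from the original report or from any vendor), the check below runs over constructed Sysmon-style image-load records (Event ID 7) and flags SbieDll.dll loaded from outside the Sandboxie install directory, unsigned, or sitting beside the imfsb.ini and processlist.txt artifacts named above. The field names follow Sysmon's Event 7 output, the install paths in EXPECTED_SBIE_DIRS are assumptions to adjust for your own estate, and both the sample events and the directory listing are constructed.

```python
"""
Hunt for the SbieDll.dll sideloading pattern over Sysmon-style image-load
records (Event ID 7). Added example, not code from the original report; the
sample records and directory listing are constructed, and the expected install
paths are assumptions to adjust for your own environment.
"""
import json
from pathlib import PureWindowsPath

# Where a legitimate Sandboxie install keeps SbieDll.dll (assumed for this
# example). SbieDll.dll loaded from anywhere else is the primary signal.
EXPECTED_SBIE_DIRS = {
    r"c:\program files\sandboxie",
    r"c:\program files\sandboxie-plus",
}

# Companion artifacts named in the report: the encrypted payload container and
# the process kill list.
COMPANION_FILES = {"imfsb.ini", "processlist.txt"}


def _dir_of(path: str) -> str:
    """Lower-cased parent directory of a Windows path, used as a lookup key."""
    return str(PureWindowsPath(path).parent).lower()


def assess_image_load(event: dict, dir_listing: dict) -> list:
    """Return the reasons an image-load record matches the sideloading pattern
    (an empty list means nothing to flag). dir_listing maps a lower-cased
    directory to the set of lower-cased file names in it, standing in for a
    live file-system lookup."""
    if event.get("EventID") != 7:
        return []
    loaded = event.get("ImageLoaded", "")
    if PureWindowsPath(loaded).name.lower() != "sbiedll.dll":
        return []

    reasons = []
    load_dir = _dir_of(loaded)
    if load_dir not in EXPECTED_SBIE_DIRS:
        reasons.append(f"SbieDll.dll loaded from unexpected directory: {load_dir}")

    # Sysmon reports Signed as the strings "true"/"false". A dropped stand-in
    # DLL is typically unsigned, while the Sandboxie binary that loads it is
    # the legitimate signed one, which is what makes sideloading attractive.
    if str(event.get("Signed", "")).lower() != "true":
        reasons.append("loaded SbieDll.dll is unsigned")

    present = COMPANION_FILES & dir_listing.get(load_dir, set())
    if present:
        reasons.append("companion artifacts beside the DLL: " + ", ".join(sorted(present)))
    return reasons


def hunt(jsonl: str, dir_listing: dict) -> list:
    """Run assess_image_load over JSON-lines records; return (loaded path, reasons) hits."""
    hits = []
    for line in jsonl.strip().splitlines():
        event = json.loads(line)
        reasons = assess_image_load(event, dir_listing)
        if reasons:
            hits.append((event["ImageLoaded"], reasons))
    return hits


# Constructed sample telemetry: one legitimate load, one sideload, one unrelated.
SAMPLE_EVENTS = r"""
{"EventID": 7, "Image": "C:\\Program Files\\Sandboxie\\SbieSvc.exe", "ImageLoaded": "C:\\Program Files\\Sandboxie\\SbieDll.dll", "Signed": "true"}
{"EventID": 7, "Image": "C:\\Users\\Public\\Libraries\\SbieSvc.exe", "ImageLoaded": "C:\\Users\\Public\\Libraries\\SbieDll.dll", "Signed": "false"}
{"EventID": 7, "Image": "C:\\Windows\\explorer.exe", "ImageLoaded": "C:\\Windows\\System32\\shell32.dll", "Signed": "true"}
"""

# Constructed directory contents, keyed the same way _dir_of() keys them.
SAMPLE_DIR_LISTING = {
    r"c:\program files\sandboxie": {"sbiesvc.exe", "sbiedll.dll", "sbiectrl.exe"},
    r"c:\users\public\libraries": {"sbiesvc.exe", "sbiedll.dll", "imfsb.ini", "processlist.txt"},
}

if __name__ == "__main__":
    for path, reasons in hunt(SAMPLE_EVENTS, SAMPLE_DIR_LISTING):
        print(path)
        for reason in reasons:
            print("  -", reason)
```

The check keys on the DLL's path rather than on the name of the loading process: Sandboxie injects SbieDll.dll into every sandboxed program, so on a host that actually runs Sandboxie an arbitrary process loading that DLL from the install directory is normal, while the same DLL loaded from a user-writable directory next to imfsb.ini is not.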