giftaviation.blogg.se

Chinese espionage group deploys compatible with

BlackTech, a Chinese advanced persistent threat group, is deploying a sophisticated new shellcode called BendyBear as part of its latest espionage campaign, security firm Palo Alto Networks reports.

BendyBear is a stage-zero implant that has been designed to download more advanced malware from its command-and-control server.

Palo Alto researchers describe the malware as one of the "most sophisticated, well-engineered and difficult-to-detect samples of shellcode employed by an advanced persistent threat group."

The researchers' report notes: "The BendyBear sample was determined to be x64 shellcode for a stage-zero implant whose sole function is to download a more robust implant from a command and control (C2) server."

The malware has been deployed by the group as part of cyberespionage campaigns across Southeast Asia.

BendyBear Capabilities

BendyBear is described as a new class of shellcode with unique capabilities, including:

- Transmitting payloads in modified RC4-encrypted chunks, making the decryption of the code more difficult.
- Leveraging an existing Windows registry key that is enabled by default in Windows 10 to store configuration data.
- Generating unique session keys for each connection to the C2 server.
- Using a polymorphic approach to thwart memory analysis and evade signaturing.