
This Malware Analysis Report (MAR) is the result of analytic efforts between the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD). Working with U.S. Government partners, CISA, FBI, and DoD identified a malware variant used by Chinese government cyber actors, which is known as TAIDOOR. For more information on Chinese malicious cyber activity, please visit https://

FBI has high confidence that Chinese government actors are using malware variants in conjunction with proxy servers to maintain a presence on victim networks and to further network exploitation. CISA, FBI, and DoD are distributing this MAR to enable network defense and reduce exposure to Chinese government malicious cyber activity.

This MAR includes suggested response actions and recommended mitigation techniques. Users or administrators should flag activity associated with the malware and report the activity to the Cybersecurity and Infrastructure Security Agency (CISA) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.

Malicious binaries identified as an x86 and an x64 version of Taidoor were submitted for analysis. Taidoor is installed on a target's system as a service dynamic link library (DLL) and is comprised of two files. The first file is a loader, which is started as a service. The loader decrypts the second file and executes it in memory; the second file is the main Remote Access Trojan (RAT).

For a downloadable copy of IOCs, see MAR-10292089-1.v2.stix.
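As an added hunting example (not part of this MAR and not CISA or FBI tooling): a Python triage routine that walks service registry records, flags svchost-hosted services whose ServiceDll lives outside the Windows system directories (x64 and WOW64 x86 alike), and lists the DLL's neighbouring files, since a loader installed as a service DLL is accompanied by the encrypted second file it decrypts and runs. The service records and directory listings are constructed sample data; on a live host they would come from HKLM\SYSTEM\CurrentControlSet\Services and os.listdir().

```python
import ntpath  # Windows path handling that also works on a non-Windows analysis box
import re

# Constructed sample records (NOT from the MAR): one per service key under
# HKLM\SYSTEM\CurrentControlSet\Services, with ImagePath and Parameters\ServiceDll.
SAMPLE_SERVICES = [
    {"name": "Dnscache",
     "image_path": r"%SystemRoot%\system32\svchost.exe -k NetworkService",
     "service_dll": r"%SystemRoot%\System32\dnsrslvr.dll"},
    {"name": "Spooler",
     "image_path": r"%SystemRoot%\System32\spoolsv.exe",
     "service_dll": None},
    {"name": "NetSvcHelper",  # constructed look-alike of a loader registered as a service DLL
     "image_path": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
     "service_dll": r"C:\ProgramData\NetSvcHelper\svchelper.dll"},
]

# Constructed directory listings standing in for os.listdir() on the host.
SAMPLE_LISTINGS = {
    r"c:\windows\system32": ["dnsrslvr.dll", "spoolsv.exe", "svchost.exe"],
    r"c:\programdata\netsvchelper": ["svchelper.dll", "svchelper.dat"],
}

# Where legitimate svchost-hosted service DLLs live (x64 and WOW64 x86).
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

def normalize(path):
    """Expand %SystemRoot% and lower-case so paths compare reliably."""
    return re.sub(r"%systemroot%", r"C:\\Windows", path, flags=re.IGNORECASE).lower()

def is_svchost_hosted(image_path):
    """True when the service runs inside svchost.exe (the only case where ServiceDll matters)."""
    exe = normalize(image_path).split(" -k ")[0].strip().strip('"')
    return ntpath.basename(exe) == "svchost.exe"

def triage_services(services, listings):
    """Return svchost services whose ServiceDll is outside TRUSTED_DIRS, with sibling files."""
    findings = []
    for svc in services:
        dll = svc.get("service_dll")
        if not dll or not is_svchost_hosted(svc["image_path"]):
            continue
        dll_path = normalize(dll)
        dll_dir = ntpath.dirname(dll_path)
        if dll_dir in TRUSTED_DIRS:
            continue
        # Files next to the DLL are candidates for the encrypted second-stage payload.
        siblings = [f for f in listings.get(dll_dir, []) if f.lower() != ntpath.basename(dll_path)]
        findings.append({"service": svc["name"], "dll": dll_path, "siblings": siblings})
    return findings

if __name__ == "__main__":
    for f in triage_services(SAMPLE_SERVICES, SAMPLE_LISTINGS):
        print(f"[!] {f['service']}: ServiceDll {f['dll']} outside system dirs; siblings: {f['siblings']}")
```

Flagged entries are leads for review, not verdicts: third-party software also registers service DLLs outside System32, so check signatures and installation history before acting.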
