uTalk

Official forum for Utopia Community

You are not logged in.

#1 2023-03-20 23:46:46

IyaJJJ
Member
Registered: 2023-01-25
Posts: 2,082

Researchers Explain the Evasion Methods Used by the CatB Ransomware

To avoid detection and launch the payload, the threat actors behind the CatB ransomware operation have been observed using a technique known as DLL search order hijacking.

Based on code-level similarities, CatB, also known as CatB99 and Baxtoy, emerged late last year and is said to be a "evolution or direct rebrand" of another ransomware strain known as Pandora. It's worth noting that the use of Pandora has been attributed to Bronze Starlight (aka DEV-0401 or Emperor Dragonfly), a China-based threat actor that's known to employ short-lived ransomware families as a ruse to likely conceal its true objectives.

One of the key defining characteristics of CatB is its reliance on DLL hijacking via a legitimate service called Microsoft Distributed Transaction Coordinator (MSDTC) to extract and launch the ransomware payload.

"Upon execution, CatB payloads rely on DLL search order hijacking to drop and load the malicious payload," SentinelOne researcher Jim Walter said in a report published last week. "The dropper (versions.dll) drops the payload (oci.dll) into the System32 directory."

Offline

#2 2023-03-21 11:37:08

Cat
Member
Registered: 2023-03-11
Posts: 153

Re: Researchers Explain the Evasion Methods Used by the CatB Ransomware

interesting post, please do more posts on this topic.

Offline

#3 2023-03-21 23:52:30

IyaJJJ
Member
Registered: 2023-01-25
Posts: 2,082

Re: Researchers Explain the Evasion Methods Used by the CatB Ransomware

Cat;6339 wrote:

interesting post, please do more posts on this topic.

How can I do more posts on the topic when that's all the information I could get? It's not nice to provide false information which are the exact things we need to fix in the cryptocurrency market now.

Offline

#4 2023-03-22 11:45:32

Cat
Member
Registered: 2023-03-11
Posts: 153

Re: Researchers Explain the Evasion Methods Used by the CatB Ransomware

IyaJJJ;6449 wrote:

How can I do more posts on the topic when that's all the information I could get? It's not nice to provide false information which are the exact things we need to fix in the cryptocurrency market now.

We are constantly given false information: from the internet, newspapers, tv and much more. How can we tell the difference between true and untrue information?

Offline

Board footer

Powered by FluxBB