Official forum for Utopia Community
You are not logged in.
To avoid detection and launch the payload, the threat actors behind the CatB ransomware operation have been observed using a technique known as DLL search order hijacking.
Based on code-level similarities, CatB, also known as CatB99 and Baxtoy, emerged late last year and is said to be a "evolution or direct rebrand" of another ransomware strain known as Pandora. It's worth noting that the use of Pandora has been attributed to Bronze Starlight (aka DEV-0401 or Emperor Dragonfly), a China-based threat actor that's known to employ short-lived ransomware families as a ruse to likely conceal its true objectives.
One of the key defining characteristics of CatB is its reliance on DLL hijacking via a legitimate service called Microsoft Distributed Transaction Coordinator (MSDTC) to extract and launch the ransomware payload.
"Upon execution, CatB payloads rely on DLL search order hijacking to drop and load the malicious payload," SentinelOne researcher Jim Walter said in a report published last week. "The dropper (versions.dll) drops the payload (oci.dll) into the System32 directory."
Offline
interesting post, please do more posts on this topic.
Offline
interesting post, please do more posts on this topic.
How can I do more posts on the topic when that's all the information I could get? It's not nice to provide false information which are the exact things we need to fix in the cryptocurrency market now.
Offline
How can I do more posts on the topic when that's all the information I could get? It's not nice to provide false information which are the exact things we need to fix in the cryptocurrency market now.
We are constantly given false information: from the internet, newspapers, tv and much more. How can we tell the difference between true and untrue information?
Offline