ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool LESLIELOADER

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: LESLIELOADER

NamesLESLIELOADER
CategoryTools
TypeLoader
Description(Kroll) The loader achieves its goal by decoding and decrypting a secondary payload binary, then injecting it into a notepad.exe instance. This injection allows the malware to blend with legitimate system activity as it shares the memory space of a legitimate application. Despite detection tools’ ability to mitigate process injections, they remain a common evasion tactic.
Information<https://www.kroll.com/en/insights/publications/cyber/leslieloader-undocumented-loader-observed>
<https://go.recordedfuture.com/hubfs/reports/cta-2024-0716.pdf>

Last change to this tool card: 27 August 2024

Download this tool card in JSON format

Previous: LEOUNCIA
Next: Licat

All groups using tool LESLIELOADER

ChangedNameCountryObserved

APT groups

 TAG-100China2024 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents
Telephone +66 (0)2-123-1227
E-mail [email protected]