Names | MoonWalk
Category | Malware
Type | Backdoor
Description | (ZScaler) APT41, a China-based nation-state threat actor known for campaigns in Southeast Asia, has been observed using a new backdoor called MoonWalk. MoonWalk shares a common development toolkit with DodgeBox, reusing code that implements evasive techniques such as DLL hollowing, import resolution, DLL unhooking, and call stack spoofing. Additionally, MoonWalk employs further evasion tactics, including the use of Google Drive as its C2 channel to blend in with legitimate network traffic and the utilization of Windows Fibers to evade AV/EDR security solutions. MoonWalk's modular design allows attackers to easily update its capabilities, modify its behavior, and customize functionality for different scenarios.
Information | <https://www.zscaler.com/blogs/security-research/moonwalk-deep-dive-updated-arsenal-apt41-part-2>
Last change to this tool card: 26 August 2024
APT groups
Changed | Name | Country | Observed
 | APT 41 | | 2012-Aug 2024
1 group listed (1 APT, 0 other, 0 unknown)