Home > List all groups > List all tools > List all groups using tool MASQLOADER

Threat Group Cards: A Threat Actor Encyclopedia

Names	MASQLOADER
Category	Malware
Type	Loader
Description	(Trend Micro) The first observed loading method used to execute COBEACON payloads is via MASQLOADER, a DLL side-loaded loader. This loader component decrypts its payload using a substitution cipher, where the encrypted payload contains 1-3 character strings that has a hex value equivalent based on MASQLOADER’s substitution table.
Information	<https://www.trendmicro.com/en_us/research/25/c/the-espionage-toolkit-of-earth-alux.html>

Last change to this tool card: 21 April 2025

Download this tool card in JSON format

1 group listed (1 APT, 0 other, 0 unknown)

APT groups