ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool MoonWalk

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: MoonWalk

NamesMoonWalk
CategoryMalware
TypeBackdoor
Description(ZScaler) APT41, a China-based nation-state threat actor known for campaigns in Southeast Asia, has been observed using a new backdoor called MoonWalk.
MoonWalk shares a common development toolkit with DodgeBox, reusing code that implements evasive techniques such as DLL hollowing, import resolution, DLL unhooking, and call stack spoofing. Additionally, MoonWalk employs further evasion tactics, including the use of Google Drive as its C2 channel to blend in with legitimate network traffic and the utilization of Windows Fibers to evade AV/EDR security solutions.
MoonWalk's modular design allows attackers to easily update its capabilities, modify its behavior, and customize functionality for different scenarios.
Information<https://www.zscaler.com/blogs/security-research/moonwalk-deep-dive-updated-arsenal-apt41-part-2>

Last change to this tool card: 26 August 2024

Download this tool card in JSON format

All groups using tool MoonWalk

ChangedNameCountryObserved

APT groups

 APT 41China2012-Aug 2024 HOTX

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]