ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: LESLIELOADER

Names: LESLIELOADER
Category: Tools
Type: Loader
Description: (Kroll) The loader achieves its goal by decoding and decrypting a secondary payload binary, then injecting it into a notepad.exe instance. This injection allows the malware to blend with legitimate system activity as it shares the memory space of a legitimate application. Despite detection tools' ability to mitigate process injections, they remain a common evasion tactic.
Information:
<https://www.kroll.com/en/insights/publications/cyber/leslieloader-undocumented-loader-observed>
<https://go.recordedfuture.com/hubfs/reports/cta-2024-0716.pdf>
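The one concrete behaviour the card records is injection of a decrypted payload into a notepad.exe instance. The following is an added detection example (not part of the ETDA card, the Kroll report, or the Recorded Future report): it scans Sysmon-style events for Event ID 8 (CreateRemoteThread) and Event ID 10 (ProcessAccess) records whose target is notepad.exe and, for ProcessAccess, whose granted access mask would allow writing memory or starting a thread in the target. Field names follow Sysmon's schema; the event records themselves are constructed for illustration and do not describe any real LESLIELOADER sample.

```python
"""
Added example: flag process-injection indicators against notepad.exe in
Sysmon-style event records. This is illustrative detection logic, not code
from the ETDA card or from the Kroll / Recorded Future reports it cites.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

INJECT_TARGET = "notepad.exe"

# Win32 process access rights that an injector needs on the target:
# PROCESS_CREATE_THREAD (0x2), PROCESS_VM_OPERATION (0x8), PROCESS_VM_WRITE (0x20).
INJECT_ACCESS_BITS = 0x2 | 0x8 | 0x20


@dataclass(frozen=True)
class Finding:
    event_id: int
    source_image: str
    target_image: str
    reason: str


def _basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_event(ev: dict) -> Optional[Finding]:
    """Return a Finding if the event looks like injection into notepad.exe."""
    event_id = int(ev.get("EventID", 0))
    target = ev.get("TargetImage", "")
    if _basename(target) != INJECT_TARGET:
        return None
    source = ev.get("SourceImage", "")

    if event_id == 8:
        # A thread created in notepad.exe by another process is suspicious on
        # its own; notepad has no legitimate reason to receive remote threads.
        return Finding(8, source, target, "CreateRemoteThread into notepad.exe")

    if event_id == 10:
        # Sysmon reports GrantedAccess as a hex string such as "0x1fffff".
        granted = int(ev.get("GrantedAccess", "0x0"), 16)
        if granted & INJECT_ACCESS_BITS:
            return Finding(10, source, target,
                           f"ProcessAccess with injection-capable mask 0x{granted:x}")
    return None


def scan(events: Iterable[dict]) -> List[Finding]:
    """Run check_event over a sequence of events and collect the hits."""
    return [f for f in (check_event(e) for e in events) if f is not None]


# Constructed sample events (hypothetical paths; not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 10,
     "SourceImage": r"C:\Users\u\AppData\Local\Temp\loader.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe",
     "GrantedAccess": "0x1fffff"},                       # PROCESS_ALL_ACCESS
    {"EventID": 8,
     "SourceImage": r"C:\Users\u\AppData\Local\Temp\loader.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe",
     "StartAddress": "0x000001E4C3A20000"},
    {"EventID": 10,
     "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe",
     "GrantedAccess": "0x1000"},                         # QUERY_LIMITED_INFORMATION only
    {"EventID": 8,
     "SourceImage": r"C:\Users\u\x.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe"}, # different target, out of scope here
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[EID {finding.event_id}] {finding.source_image} -> "
              f"{finding.target_image}: {finding.reason}")
```

In the constructed sample the Task Manager access (query-only mask) and the remote thread into svchost.exe are not reported, while the two loader events are. In production the Event ID 8 rule would be tightened with the StartAddress (a thread entry outside any mapped module is the stronger signal) and the Event ID 10 rule with an allow-list of known debuggers and security tools.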

Last change to this tool card: 27 August 2024


All groups using tool LESLIELOADER

Changed | Name | Country | Observed

APT groups

(no change marker) | TAG-100 | China | 2024

1 group listed (1 APT, 0 other, 0 unknown)
