#STRT

2025-11-20

Last August, the #Splunk Threat Research Team (#STRT) shared a blog about a .NET steganography-based loader being used in campaigns involving Quasar, several Trojan stealers, and other RATs.

Picture Paints a Thousand Codes: Dissecting Image-Based Steganography in a .NET (Quasar) RAT Loader:
lnkd.in/dwDSUZyk

In our newest research, we came across an updated version of this loader. This one includes extra stages designed to slip past static analysis, using obfuscation, and the simple extraction tool we originally built. In the new blog, we walk through what changed, the small updates we made to the PIXDIG extraction tool, and our analysis of the Lokibot payload plus the associated MITRE ATT&CK mapping to help with #SPLUNK detection.

Hide Me Again: The Updated Multi-Payload .NET Steganography Loader That Includes Lokibot

lnkd.in/drgwiTYK

I hope it helps 😊
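The image-based hiding that the post above refers to, as an added example (it is not PIXDIG and not the loader's own encoding): payload bytes written into the least-significant bit of each RGB channel behind a 4-byte little-endian length header, the matching extractor, and the MZ sanity check an analyst runs on whatever comes out. The LSB layout, the length header, the pixel-list representation and the noise cover image are all assumptions of this example, not details taken from the blog.

```python
import random
import struct

# Added example, not the STRT PIXDIG tool and not the loader's real scheme.
# Assumed layout: a 4-byte little-endian length header followed by the payload,
# one bit per colour channel in the least-significant bit, pixels in row order.
# Images are a flat list of (R, G, B) tuples so the example runs without an
# imaging library.

HEADER_LEN = 4


def _bit_stream(data):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed_lsb(pixels, payload):
    """Return a copy of pixels with the length-framed payload in the channel LSBs."""
    framed = struct.pack("<I", len(payload)) + payload
    channels = [c for px in pixels for c in px]
    if len(framed) * 8 > len(channels):
        raise ValueError("cover image too small for payload")
    for i, bit in enumerate(_bit_stream(framed)):
        channels[i] = (channels[i] & 0xFE) | bit
    return [tuple(channels[i:i + 3]) for i in range(0, len(channels), 3)]


def _read_bytes(channels, bit_offset, count):
    """Reassemble count bytes from channel LSBs starting at bit_offset."""
    out = bytearray()
    for k in range(count):
        value = 0
        for j in range(8):
            value = (value << 1) | (channels[bit_offset + k * 8 + j] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(pixels):
    """Recover the payload; refuse a length header the image cannot possibly hold.

    The capacity check is the cheap way to tell 'wrong layout / clean image'
    from 'real hidden payload' before spending time on the bytes that follow.
    """
    channels = [c for px in pixels for c in px]
    if len(channels) < HEADER_LEN * 8:
        raise ValueError("image too small to carry a header")
    (length,) = struct.unpack("<I", _read_bytes(channels, 0, HEADER_LEN))
    if (HEADER_LEN + length) * 8 > len(channels):
        raise ValueError(f"declared length {length} exceeds image capacity: not this layout")
    return _read_bytes(channels, HEADER_LEN * 8, length)


def looks_like_pe(blob):
    """Loader payloads are usually PE files; the MZ magic is the first thing to check."""
    return blob[:2] == b"MZ"


def make_cover(width, height, seed=7):
    """Constructed deterministic noise cover image (not a real sample)."""
    rng = random.Random(seed)
    return [tuple(rng.randrange(256) for _ in range(3)) for _ in range(width * height)]


if __name__ == "__main__":
    # Constructed stand-in for a dropped executable: MZ magic plus filler bytes.
    payload = b"MZ" + bytes(range(60))
    stego = embed_lsb(make_cover(32, 32), payload)
    recovered = extract_lsb(stego)
    print(len(recovered), "bytes recovered, PE magic:", looks_like_pe(recovered))
```

A real extractor for a given loader is written from the decompiled read loop (which channel, which bit, which framing); the capacity check and the magic-byte check are the two things worth keeping whatever the layout turns out to be.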

Alex Olofsson (vettasmannen)
2025-07-05

Norrländska Socialdemokraten's editorial writer Veronica Palm presents pure factoids as facts when she lets STR-T's spokesperson spread his claims unchallenged in this text. It is then spread among the people of Norrbotten, who take it as the truth. Poor journalism and irresponsible.

2024-11-29

Information Stealer malware remains one of the most active and dangerous threats in the wild. In this blog, the #Splunk Threat Research Team (#STRT) dives into Braodo Stealer, a Python-based malware designed to steal sensitive information while leveraging a popular developer platform to distribute its payload. We've analyzed its tactics, techniques, and procedures (TTPs) and shared the detection strategies we developed to combat this threat. Additionally, we took a closer look at its batch script loader, which employs layered obfuscation to complicate analysis and reverse engineering. To counter this, we created a custom Python de-obfuscation tool, which we detail in this post. #reverseengineering #blueteam #detectionengineering #incidentresponse #splunk #malwareanalysis 😊

de-obfuscator tool:
lnkd.in/du2n7Gh8

Braodo Stealer Blog:
lnkd.in/d6bZ5AAX

2023-03-28

Happy to share the #STRT blog on detections and analysis of the #asyncrat campaign. We also include some tips on how you can extract the actual payload from its .bat script loader. 🙂 #asyncrat #malware #int3 #SplunkBlogs #splunk #RE

splunk.com/en_us/blog/security
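Both the Braodo post and the AsyncRAT post above talk about pulling the real payload out of a layered-obfuscation .bat loader. The following is an added example, not STRT's de-obfuscator: it replays the two cmd.exe parsing phases that the common batch obfuscation layers abuse, percent-variable expansion (including %var:~start,len% substring extraction with negative offsets) followed by caret-escape removal, walking the script in order so each set line feeds the lines after it. The sample script, variable names and the "powershell" target are constructed for illustration and are not taken from either campaign.

```python
import re

# Added example of the layered batch obfuscation that .bat loaders commonly use
# (variables holding fragments, %var:~start,len% substring expansion, caret
# escapes). Not STRT's tool; SAMPLE_BAT is constructed, not a real loader.

SAMPLE_BAT = r"""@echo off
set alpha=zzpowerzzhellzz
set beta=s
set cmd=%alpha:~2,5%%beta%%alpha:~-6,4%
%cmd% -w hidden -e^p by^pass -c "iex (gc payload.txt)"
"""

# %name%, %name:~start% and %name:~start,len% (start and len may be negative).
VAR_RE = re.compile(r"%([A-Za-z_]\w*)(?::~(-?\d+)(?:,(-?\d+))?)?%")
# set name=value  and  set "name=value"
SET_RE = re.compile(r'^\s*set\s+"?([A-Za-z_]\w*)=(.*?)"?\s*$', re.IGNORECASE)


def substring(value, start, length=None):
    """Apply cmd.exe %var:~start,len% semantics to an already-expanded value."""
    if start < 0:
        start = max(0, len(value) + start)      # negative start counts from the end
    if length is None:
        return value[start:]
    if length >= 0:
        return value[start:start + length]
    return value[start:length]                   # negative len drops chars from the end


def expand_line(line, env):
    """Phase 1 of cmd.exe line parsing: percent expansion against the current env."""
    def repl(m):
        name = m.group(1).lower()                # variable names are case-insensitive
        if name not in env:
            return m.group(0)                    # keep unresolved refs visible to the analyst
        if m.group(2) is None:
            return env[name]
        length = int(m.group(3)) if m.group(3) is not None else None
        return substring(env[name], int(m.group(2)), length)
    return VAR_RE.sub(repl, line)


def strip_carets(line):
    """Phase 2: '^' escapes the next character ('^^' -> '^'); a trailing '^' is dropped.

    Simplification: cmd.exe keeps carets literal inside double quotes, and this
    example does not track quote state.
    """
    return re.sub(r"\^(.?)", r"\1", line)


def deobfuscate(script):
    """Walk the script in order, expanding each line with the variables set so far."""
    env = {}
    out = []
    for raw in script.splitlines():
        line = strip_carets(expand_line(raw, env))
        m = SET_RE.match(line)
        if m:
            env[m.group(1).lower()] = m.group(2)
        out.append(line)
    return out


def recovered_commands(script):
    """The lines an analyst actually wants: everything that is not a set/echo line."""
    return [line for line in deobfuscate(script)
            if not re.match(r"^\s*(set\s|@?echo\b)", line, re.IGNORECASE)]


if __name__ == "__main__":
    for line in deobfuscate(SAMPLE_BAT):
        print(line)
```

Running it on the constructed sample turns the fourth line into `set cmd=powershell` and the last line into the plain `powershell -w hidden -ep bypass -c ...` invocation. Real loaders add layers this example does not handle (delayed `!var!` expansion, `set /a` arithmetic, `%%` literals, carets inside quotes), which is why a campaign-specific tool is usually needed; the sequential expand-then-strip structure is the part that carries over.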

2023-01-20

The Windows Registry is one of the powerful features of the Windows OS that is tweaked and abused by threat actors. In this Splunk Threat Research blog we describe common MITRE ATT&CK TTPs that leverage the Windows registry (8/14), including their detections, #atomicredteam testing and analysis. 😊 #splunk #malware #STRT #BlueTeam #detectionengineering

splunk.com/en_us/blog/security

Client Info

Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst