May 24, 2024 at 06:00AM
Cybersecurity researchers have identified BLOODALCHEMY, a new form of malware targeting government organizations in Southern and Southeastern Asia, as an updated version of Deed RAT and a successor to ShadowPad. This discovery is crucial due to the history of ShadowPad in APT campaigns. The malware’s capabilities, attack chains, and code similarities have been extensively analyzed.
Key Takeaways from the Meeting Notes:
– The BLOODALCHEMY malware has been identified as an updated version of Deed RAT, which is believed to be a successor to ShadowPad, a malware utilized in numerous APT campaigns.
– This malware has been used in attacks targeting government organizations in Southern and Southeastern Asia, specifically associated with an intrusion set known as REF5961 targeting the Association of Southeast Asian Nations (ASEAN) countries.
– BLOODALCHEMY is a barebones x86 backdoor written in C, capable of various malicious activities including overwriting toolsets, gathering host information, loading additional payloads, and uninstalling and terminating itself.
– The malware's run mode is used to evade analysis in sandbox environments, establish persistence, contact a remote server, and control the infected host through the backdoor commands it implements.