SAS 2021: Learning to ChaCha with APT41


Straight from the sunny UK to the stage of SAS-at-Home 2021, John Southworth (PwC) will be giving some insights about the threat actor APT41, also known as Red Kelpie and Winnti. Starting with APT10 (Red Apollo), the presentation will dance you through the malware used by APT41, from the Motnug loader and its descendant, the ChaCha loader, to some thoughts on the actor’s attribution and the payload, including the infamous Cobalt Strike.

Indicators of compromise, YARA rules, and Python scripts for the Kaspersky TheSAS2021 talk “Learning to ChaCha with APT41”: https://github.com/PwCUK-CTO/TheSAS2021-Red-Kelpie
