Since 2022, cyber espionage operations utilizing POISONPLUG.SHADOW have been tracked, employing a custom obfuscating compiler called ScatterBrain, an evolved version of ScatterBee. These operations target entities in Europe and Asia Pacific. POISONPLUG.SHADOW, a variant of the POISONPLUG modular backdoor, uses advanced obfuscation techniques to evade detection. The blog post details the analysis of ScatterBrain, including its modes of operation, its protection components, and the development of a deobfuscator. It explains the process of CFG recovery, import restoration, and binary reconstruction. The research provides insights into combating sophisticated obfuscation techniques and contributes to enhancing cybersecurity defenses against evolving threats.
Author: AlienVault
Related Tags:
poisonplug.deed
poisonplug
ScatterBrain
T1027.004
T1552.003
T1558.001
T1553.002
T1027.003
T1554
Associated Indicators (file hashes):
60678E352F3C849E36413F5DE51B5EECA1180840C818F9ECE0A0DA803EB205A5
12180FF028C1C38D99E8375DD6D01F47F6711B97
F7576BC246E4BF5E47F54BA957371C938FEC122C
0009F4B9972660EEB23FF3A9DCCD8D86
79313BE39679F84F4FCB151A3394B8B3
704FB67DFFE4D1DCE8F22E56096893BE
1F1361A67CE4396C3B9DBC198207EF52
4BF608E852CB279E61136A895A6912A9
5C62CDF97B2CAA60448619E36A5EB0B6