Track Common Adversary Tasks Performed Using Avenger

To know more about it, you can go through my detailed document by clicking here

Overview

Avenger is a downloader used since at least 2019 by BRONZE BUTLER, a cyber espionage group active since 2008 that mainly targets Japanese organizations. Avenger can drastically affect the Windows operating system, send XOR-encrypted files to its C2, extract backdoor malware from downloaded images, inject shellcode, download files from the C2 to a compromised host, identify the anti-virus products installed on the compromised host, and more.

Capabilities

This malware possesses the following abilities:

  • It can evade detection with techniques including encrypting or obfuscating files, using steganography, and communicating through web traffic, which makes the malware difficult to detect and analyze.

  • It can also use process injection, transfer tools or other files from an external system, and/or obfuscation techniques to hide intrusive artifacts and avoid detection.

  • The tool can also help an adversary gather information about the security software, configurations, defensive tools, and sensors installed on a system, so that the target can be analyzed more easily.


Mitigation

To protect your system against the Avenger malware, you can follow these steps:

  • The malware can be mitigated by detecting file obfuscation or steganography, analyzing uncommon data flows, and similar checks.

  • Regular monitoring of created files, transferred files, and deobfuscated or decoded files and information can also help detect this malware.

  • Tracking system and network activity data may help detect potential lateral movement by the adversary.