Jellyfish Loader uses asynchronous task method builders to execute code.
The loader utilizes Fody and Costura to embed its dependencies as resources within the executable.
Jellyfish Loader has the capability to send system information upon initial infection and employs SSL certificate validation before Command and Control (C&C) communication.
The C&C then sends shellcode to the victim's machine for further malicious activity.
The C&C infrastructure, initially used by a Threat Actor (TA) in 2018 for downloading an encrypted PowerShell script, is now being utilized by the Jellyfish Loader.
The coding style of the PowerShell script used to download the encrypted PowerShell content is similar to the samples observed in Olympic Destroyer, as documented by Kaspersky in 2018.
(17 TTPs with 'Procedure' level details on the TruKno blog)
Investigating The New Jellyfish Loader (trukno.com): https://lnkd.in/g6cWmAeG