
New Wave of SquidLoader Malware Targeting Financial Institutions

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A sophisticated malware campaign is targeting financial services in Hong Kong with SquidLoader, a highly evasive malware that deploys Cobalt Strike Beacon for remote access. The malware exhibits advanced anti-analysis, anti-sandbox, and anti-debugging techniques, achieving near-zero detection rates on VirusTotal. The attack chain is complex and poses a significant threat to targeted organizations. The analysis provides detailed technical insights into SquidLoader's features and indicators of compromise, including SHA256 hashes for samples found in Hong Kong, Singapore, China, and Australia. The campaign utilizes multiple command and control servers, primarily mimicking Kubernetes API endpoints.

OPENCTI LABELS:

cobalt strike, cobalt strike beacon, squidloader


Open in the NetmanageIT OpenCTI public instance with the link below.


Use the public read-only username and password shown on the login page banner.


New Wave of SquidLoader Malware Targeting Financial Institutions