New Yokai Side-loaded Backdoor Targets Thai Officials
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A new backdoor named Yokai has been discovered targeting Thai officials. The malware is distributed in RAR archives containing Windows shortcut (LNK) files that open a decoy document and execute a dropper. The dropper writes a legitimate iTop Data Recovery application to disk and uses it to side-load the Yokai backdoor DLL. Once running, Yokai creates scheduled tasks for persistence, collects system information, and communicates with its command-and-control servers to receive commands and exfiltrate data, protecting that traffic with encryption and checksum validation. The backdoor provides remote shell access and can execute arbitrary commands. The campaign is a further example of threat actors relying on DLL side-loading through trusted, legitimate binaries to evade detection.
OPENCTI LABELS :
backdoor,dropper,yokai,thailand
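The side-loading step described in the summary (a legitimate application executed from a staging directory that loads the backdoor DLL sitting next to it) is what a defender can hunt for in image-load telemetry. The script below is an added example and is not code from the Yokai report or from OpenCTI. It runs a heuristic over constructed, Sysmon-like image-load records: the log format, the HostSigned field (assumed to be joined in from process data), every path and every file name are invented for illustration, and the real Yokai DLL name, which the summary does not state, is not assumed. The rule flags a signed host binary loading an unsigned DLL from its own directory, and raises severity when that host runs outside the normal installation roots, which is the pattern a dropper staging a copy of a legitimate tool would produce.

```python
"""Heuristic DLL side-loading detector over constructed image-load records.

Added example, not the report's or OpenCTI's code. Log lines, paths and
file names are constructed; no real Yokai artefact names are used.
"""
from pathlib import PureWindowsPath

# Directories where legitimately installed, signed software normally lives.
# A signed host binary executing from anywhere else (Temp, AppData, Downloads)
# is the first warning sign of a staged side-loading chain.
TRUSTED_ROOTS = (
    PureWindowsPath(r"C:\Program Files"),
    PureWindowsPath(r"C:\Program Files (x86)"),
    PureWindowsPath(r"C:\Windows\System32"),
    PureWindowsPath(r"C:\Windows\SysWOW64"),
)

# Constructed sample telemetry: one image load per line, key=value pairs.
# Field names mirror Sysmon Event ID 7; HostSigned is assumed to be joined
# in from process-creation data. "recovery-tool.exe" stands in for any
# legitimate signed application abused as a side-loading host.
SAMPLE_LOG = """\
Image=C:\\Users\\victim\\AppData\\Local\\Temp\\Recover\\recovery-tool.exe|HostSigned=true|ImageLoaded=C:\\Users\\victim\\AppData\\Local\\Temp\\Recover\\helper.dll|Signed=false
Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|HostSigned=true|ImageLoaded=C:\\Windows\\System32\\ntdll.dll|Signed=true
Image=C:\\Program Files\\Vendor\\app.exe|HostSigned=true|ImageLoaded=C:\\Program Files\\Vendor\\plugin.dll|Signed=false
Image=C:\\Users\\victim\\Downloads\\tool.exe|HostSigned=false|ImageLoaded=C:\\Users\\victim\\Downloads\\tool.dll|Signed=false
"""


def parse_record(line):
    """Split one 'Key=Value|Key=Value' line into a normalised dict."""
    fields = dict(kv.split("=", 1) for kv in line.strip().split("|"))
    return {
        "process": fields["Image"],
        "host_signed": fields["HostSigned"].lower() == "true",
        "dll": fields["ImageLoaded"],
        "dll_signed": fields["Signed"].lower() == "true",
    }


def is_under_trusted_root(path):
    """True if path sits inside one of TRUSTED_ROOTS (case-insensitive)."""
    p = PureWindowsPath(path)
    return any(root == p or root in p.parents for root in TRUSTED_ROOTS)


def classify(rec):
    """Return (severity, reason); severity is 'high', 'medium' or None."""
    host_dir = PureWindowsPath(rec["process"]).parent
    dll_dir = PureWindowsPath(rec["dll"]).parent
    co_located = host_dir == dll_dir

    if rec["dll_signed"]:
        return None, "loaded DLL is signed"
    if not rec["host_signed"]:
        # An unsigned host is plain malware, not a side-load of a trusted
        # binary; a separate rule should cover it.
        return None, "host is unsigned, not a trusted-binary side-load"
    if co_located and not is_under_trusted_root(rec["process"]):
        return "high", ("signed host running outside install roots loaded an "
                        "unsigned DLL from its own directory")
    if co_located:
        return "medium", ("signed host in an install root loaded an unsigned "
                          "co-located DLL; verify the vendor ships it")
    return None, "unsigned DLL but not co-located with the host"


def scan(log_text):
    """Run classify() over every record; return the flagged ones."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        severity, reason = classify(rec)
        if severity:
            findings.append((severity, rec["process"], rec["dll"], reason))
    return findings


if __name__ == "__main__":
    for severity, proc, dll, reason in scan(SAMPLE_LOG):
        print(f"[{severity.upper()}] {proc} -> {dll}: {reason}")
```

On the constructed input the first record (signed host in a Temp directory loading an unsigned DLL beside it) is rated high and the third (unsigned plugin next to a signed application under Program Files) medium; the Office load of ntdll.dll and the fully unsigned tool in Downloads are not reported by this rule. In production the same logic would be expressed as a SIEM query joined with the scheduled-task creation events the summary mentions, since a side-load followed by a new scheduled task from the same directory is a much stronger signal than either event alone.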