CYFIRMA Research
Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.
CYFIRMA Research
CYFIRMA Research: Operation TaxShadow- Multi-Region Tax Phishing & In-Memory Malware Campaign
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Threat Research: Operation Tax Shadow
Explore CYFIRMA's latest report regarding a tax-themed phishing campaign impersonating government tax authorities across multiple countries.
• Multi-stage malware delivery via ZIP archive
• DLL Search Order Hijacking for stealthy execution
• API Hooking and Access Token Manipulation
• COM Callback-based code execution to evade monitoring
• Modified RC4 encryption protecting payloads
• Reflective PE Loading enabling memory-resident execution
• LLVM-based Control Flow Flattening (CFF) for anti-analysis
• WebSocket-based Command-and-Control communication
• Infrastructure reuse observed across Indian and Japanese tax-themed phishing portals
• Chinese-language artifacts identified during analysis
• C2 Communication observed with 43[.]128[.]54[.]184:1234
•Self-protection mechanisms make the malware difficult to terminate during execution
Impact: Full remote access, in-memory execution, and advanced defense evasion capabilities.
Link to the Research Report: https://www.cyfirma.com/research/operation-taxshadow-multi-region-tax-phishing-in-memory-malware-campaign/
#CYFIRMAresearch #ThreatIntelligence #MalwareAnalysis #CyberSecurity #ThreatResearch #Phishing #SOC #ThreatHunting #CYFIRMA #ExternalThreatLandscapeManagement #ETLM
https://www.cyfirma.com/