Summary
JPCERT/CC recently discovered attacks that infected routers in Japan with malware around February 2023.
This analysis focuses on the loaders they discovered:
60bcd645450e4c846238cf0e7226dc40c84c96eba99f6b2cffcd0ab4a391c8b3
3e44c807a25a56f4068b5b8186eee5002eed6f26d665a8b791c472ad154585d1
Some of the behaviors identified on the routers are generic enough that they can also be used in intrusions against Linux endpoints. For that reason, I decided to analyze the samples and contribute to the Sigma community, identifying new detection opportunities based on the samples and on the analysis published by JPCERT/CC.
Info: The objective of this analysis is to describe how these loaders execute and how their execution can be detected using Sigma rules.