
LemonDucks evading detection. [Research Saturday]
CyberWire Daily
Oati Cleans the Kitchen to Cook the Dock
It's very well masqueraded. So it starts off, you know, obviously someone has found these open APIs, and then basically puts in a small file that basically then loads. They put the nor it's usual you see x r as a process name. But basically, it will reach out, download the file. It tries to disguise itself initially. It'll look like a PNG file, which makes very little sense. But comes ais cord dot PNG, downloads the file, then it executes a script, grabs the actual crypto miner load and then starts to execute. Oati kind of just yo cleans the kitchen


