The author was actively developing a loader referred to as “Kiss Loader,” which had not been observed before the time of analysis and appears to be a newly developed tool, a potential emerging threat. Among other techniques, it employs Early Bird APC injection. The experience was both thrilling and remarkable, as the line between analyst and adversary briefly blurred....
The discovery of this APT group's activities serves as a reminder of the ongoing threat landscape facing critical infrastructure. By employing multiple malware families and various tactics, such as spear-phishing emails, the group seeks to evade detection and maintain access to targeted systems for extended periods. This case exemplifies ARC-0043 Motte-and-Bailey, as the group appears to create a strong fortification (motte) of advanced techniques while retreating to simpler methods when necessa...
