Contributors: Deborah Snyder and Nikki Benoit

Executive Summary

VMware Carbon Black Managed Detection and Response (MDR) analysts are constantly handling security incidents within our customer environments and tracking emerging and persistent malware campaigns. One such threat that has been particularly prevalent over the last couple of months is BatLoader. Named by Mandiant, BatLoader is an initial access malware that heavily uses batch and PowerShell scripts to gain a foothold on a victim machine and deliver other malware. The threat actors utilize search engine optimization (SEO) poisoning to lure users to download the malware from compromised websites. The use of living-off-the-land binaries makes this campaign hard to detect and block, especially early on in the attack chain. In this article, we will explore this malware campaign, addressing the history of BatLoader, its attributes, how it is delivered, the infection chain, and Carbon Black’s detection of the malware.

There are several attributes that are unique to BatLoader’s attack methodology that Carbon Black’s MDR team has seen in infected customer environments.

The following can be used as a fingerprint to identify the malicious files (based on the OLE file information provided by VT):

Author: Kancelaria Adwokacka Adwokat Aleksandra Krzemińska