Moshen Dragon – Abusing Security Software to Sideload PlugX and ShadowPad
SentinelLabs researchers are tracking the activity of a Chinese-aligned cyberespionage threat actor operating in Central Asia, dubbed ‘Moshen Dragon’.
As the threat actor faced difficulties loading their malware against the SentinelOne agent, SentinelOne observed an unusual approach: trial-and-error abuse of traditional antivirus products in an attempt to sideload malicious DLLs.
Moshen Dragon deployed five different malware triads in an attempt to use DLL search order hijacking to sideload ShadowPad and PlugX variants.
Moshen Dragon deploys a variety of additional tools, including an LSA notification package and a passive backdoor known as GUNTERS.