ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool DADJOKE

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: DADJOKE

NamesDADJOKE
CategoryMalware
TypeBackdoor, Exfiltration
DescriptionDADJOKE was discovered as being distributed via email, targeting a South-East Asian Ministry of Defense. It is delivered as an embedded EXE file in a Word document using remote templates and a unique macro using multiple GET requests. The payload is deployed using load-order hijacking with a benign Windows Defender executable. Stage 1 has only beacon+download functionality, made to look like a PNG file. Additional analysis by Kaspersky found 8 campaigns over 2019 and no activity prior to January 2019, DADJOKE is attributed with medium confidence to APT40.
Information<https://www.mycert.org.my/portal/advisory?id=MA-770.022020>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.dadjoke>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:DADJOKE>

Last change to this tool card: 20 April 2020

Download this tool card in JSON format

Previous: Dacls RAT
Next: Dadstache

All groups using tool DADJOKE

ChangedNameCountryObserved

APT groups

 Leviathan, APT 40, TEMP.PeriscopeChina2013-Jan 2020 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key