TicTacToe Dropper


While analyzing malware samples collected from several victims, the FortiGuard team identified a grouping of malware droppers used to deliver various final-stage payloads throughout 2023.

Malware droppers are malicious software designed to deliver and execute additional malware on a victim system, and they are employed to obfuscate final payloads during loading and initial execution. Droppers within this group employ multiple stages of obfuscated payloads that load reflectively in memory. Some of the final-stage payloads we identified include Leonem, AgentTesla, SnakeLogger, RemLoader, Sabsik, LokiBot, Taskun, Androm, Upatre, and Remcos. FortiGuard researchers have named this group of payloads ‘TicTacToe dropper’ due to a common Polish language string,

Source: Fortinet