Talisman Malware

Talisman is the name of a piece of malware discovered in mid-2022. The malware was spotted in the wild in a campaign targeting telecommunication operators located in South Asia.

According to researchers, Talisman is a new spinoff of the older PlugX malware. Talisman uses DLL search order hijacking in conjunction with techniques abusing several normal and legitimate anti-malware solutions. Once the hackers hijack the DLL file, they use it to decrypt the final payload which is either Talisman or ShadowPad.

Once the malware has been decrypted and deployed, it uses either task scheduling or Windows services to gain persistence on the compromised system.

The campaign in which Talisman was first spotted is believed to be conducted by a Chinese-aligned threat actor. Researchers have called the threat actor behind it Moshen Dragon and believe they share tactics and methods of operation with another advanced persistent threat actor believed to be aligned with China, called Nomad Panda.

The threat actor using Malware in the early 2022 campaign targeting telecom operators and companies is also using tools associated with cyber espionage and lateral movement across compromised networks. The methods that the threat actors use to infiltrate their targets originally and the initial attack vector are still uncertain.

May 4, 2022