CUCKOO SPEAR Part 2: Threat Actor Arsenal
ID: 2ab58df4-61eb-5476-b6b9-23e559c82a36
STIX ID: report--2ab58df4-61eb-5476-b6b9-23e559c82a36
Feed Name: Cybereason Blog
This report presents a technical analysis of the Cuckoo Spear campaign attributed to APT10, detailing two loader variants (NOOPLDR-DLL and NOOPLDR-C#) and the NOOPDOOR shellcode: their persistence mechanisms (service DLL side-loading, msbuild XML), registry-stored encrypted shellcode and AES decryption tied to MachineId, advanced injection techniques using dynamic syscalls, a DGA-based C2 and custom TCP protocol, internal C2 server capabilities, and provided IOCs, detection queries, and remediation recommendations.
