Kaspersky cloud
Two years ago, we published our research into RedOctober, a complex cyber-espionage operation targeting diplomatic embassies worldwide. We named it RedOctober because we started this investigation in October 2012, an unusually hot month. After our announcement in January 2013, the RedOctober operation was promptly shut down and the network of C&Cs was dismantled. As usually happens with these big operations, considering the huge investment and number of resources behind it, they don’t just “go away” forever. Normally, the group goes underground for a few months, redesigns the tools and the malware and resumes operations. Since January 2013, we’ve been on the lookout for a possible RedOctober comeback. One possible hit was triggered when we observed Mevade, an unusual piece of malware that appeared late in 2013. The Mevade C&C name styles as well as some other technical similarities indicated a connection to RedOctober, but the link was weak. It wasn’t until August 2014 that we observed something which made us wonder if RedOctober is back for good. In August 2014, some of our users observed targeted attacks with a variation of CVE-2012-0158 and an unusual set of malware.

We did a quick analysis of the malware and it immediately stood out because of certain unusual things that are not very common in the APT world. Some of the filenames used in the attacks included “FT – Ukraine Russia’s new art of war.doc” and “Af-Pak and Central Asia’s security issues.doc”. At least one of them immediately reminded us of RedOctober, which used a very similarly named spearphish: “Diplomatic Car for Sale.doc”. As we started digging into the operation, more details emerged which supported this theory. Perhaps the most unusual fact was that the Microsoft Office exploit didn’t directly write a Windows PE backdoor on disk. Instead, it writes an encrypted Visual Basic Script and runs it. This VBScript drops a pair of files on disk – a loader and an encrypted payload. The loader appears to be different every time and internal strings indicate it is “polymorphically” generated.
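The first stage of the chain described above, an Office document exploit that launches a VBScript host instead of writing a PE file, shows up in endpoint telemetry as a script host whose parent is an Office process. The following is an added detection example, not code from the original article; the pipe-delimited record layout, the process names and the sample records are constructed assumptions.

```python
import ntpath
import re

# Process images involved in the chain: an Office host spawning a script host.
OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_ARG = re.compile(r"\.vb[se]\b", re.IGNORECASE)

# Constructed sample process-creation records (not real telemetry):
# pid|ppid|image path|command line. Paths and names are assumptions.
SAMPLE_LOG = """\
4100|800|C:\\Program Files\\Microsoft Office\\Office14\\WINWORD.EXE|WINWORD.EXE /n "C:\\Users\\u\\Downloads\\report.doc"
4188|4100|C:\\Windows\\System32\\wscript.exe|wscript.exe //B C:\\Users\\u\\AppData\\Local\\Temp\\stage.vbs
4201|800|C:\\Windows\\System32\\wscript.exe|wscript.exe C:\\Scripts\\logon.vbs
4210|4100|C:\\Windows\\splwow64.exe|splwow64.exe 12288
"""


def parse_events(text):
    """Return {pid: {"ppid", "name", "cmdline"}} from pipe-delimited records."""
    events = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, ppid, image, cmdline = line.split("|", 3)
        events[int(pid)] = {
            "ppid": int(ppid),
            "name": ntpath.basename(image).lower(),  # ntpath parses Windows paths on any OS
            "cmdline": cmdline,
        }
    return events


def find_office_script_chains(events):
    """Flag script hosts whose direct parent is an Office process; a .vbs/.vbe argument raises severity."""
    hits = []
    for pid, ev in events.items():
        if ev["name"] not in SCRIPT_HOSTS:
            continue
        parent = events.get(ev["ppid"])
        # A script host under a non-Office parent (e.g. a logon script) is not part of this chain.
        if parent is None or parent["name"] not in OFFICE_HOSTS:
            continue
        severity = "high" if SCRIPT_ARG.search(ev["cmdline"]) else "medium"
        hits.append({"parent": parent["name"], "pid": pid,
                     "cmdline": ev["cmdline"], "severity": severity})
    return hits
```

On the sample records only pid 4188 is flagged: the logon script under pid 800 and the benign print helper under WINWORD are left alone.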