Advanced Persistent Threat & Malware

Advanced Persistent Threat

APT Book from Kaspersky: https://apt.securelist.com/

OPPetrol:

  • Target: major petroleum companies
  • Who: claimed by Anonymous

Malware

Sandworm

It exploits the Windows OLE vulnerabilities CVE-2014-4114 and CVE-2014-6352; the second is a bypass of the official patch Microsoft issued for the first (see the McAfee write-up below). As of the date of writing (6 November 2014), a definitive patch from Microsoft is still awaited.

Sources:

  • http://blogs.mcafee.com/mcafee-labs/new-exploit-sandworm-zero-day-bypass-official-patch

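CVE-2014-4114 was delivered through PowerPoint files that embed OLE "Package" (Packager) objects, so a quick triage filter is to open a presentation as the zip container it is and look for that structure. The script below is an added example, not code from the page or from the McAfee write-up: it lists the parts under ppt/embeddings/, counts oleObject relationships and Packager (progId="Package") objects in the slides, and flags the file for manual analysis. The part names and relationship type follow the OOXML conventions; the suspicion rule is a heuristic of my own, and the sample documents are constructed in memory, not real Sandworm lures.

```python
"""
Triage filter for the Sandworm delivery vector: OOXML presentations (PPTX/PPSX)
carrying embedded OLE objects, in particular OLE "Package" (Packager) objects.

Added example; the sample documents built by build_sample() are constructed
test input, not real malicious files.
"""
import io
import re
import zipfile

# OOXML relationship type that links a slide to an embedded OLE object.
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
# Magic bytes of an OLE2 compound file, the container format of embedded OLE objects.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def scan_presentation(data: bytes) -> dict:
    """Inspect one OOXML presentation (a zip container) and report OLE embedding indicators."""
    result = {
        "embeddings": [],        # parts stored under ppt/embeddings/
        "ole2_embeddings": 0,    # embeddings whose bytes start with the OLE2 magic
        "ole_relationships": 0,  # slide -> oleObject relationships found in .rels parts
        "package_objects": 0,    # <p:oleObj progId="Package"> occurrences (OLE Packager)
        "suspicious": False,
    }
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result["error"] = "not a zip/OOXML container"
        return result

    with zf:
        for name in zf.namelist():
            if name.startswith("ppt/embeddings/") and not name.endswith("/"):
                result["embeddings"].append(name)
                if zf.read(name).startswith(OLE2_MAGIC):
                    result["ole2_embeddings"] += 1
            elif name.endswith(".rels"):
                rels = zf.read(name).decode("utf-8", "replace")
                result["ole_relationships"] += rels.count(OLE_REL_TYPE)
            elif name.startswith("ppt/slides/") and name.endswith(".xml"):
                slide = zf.read(name).decode("utf-8", "replace")
                result["package_objects"] += len(re.findall(r'progId="Package"', slide))

    # Heuristic (assumption): an embedded object that is wired up as an OLE
    # object / Packager object is worth pulling aside for manual analysis.
    # Legitimate documents can match too; this is a triage filter, not a verdict.
    result["suspicious"] = bool(result["embeddings"]) and (
        result["package_objects"] > 0 or result["ole_relationships"] > 0
    )
    return result


def build_sample(with_package: bool) -> bytes:
    """Construct a minimal PPSX-like zip in memory (constructed test input, not a real document)."""
    slide_xml = (
        '<p:sld xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        + ('<p:oleObj progId="Package" r:id="rId2"/>' if with_package else "")
        + "</p:sld>"
    )
    slide_rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        + (f'<Relationship Id="rId2" Type="{OLE_REL_TYPE}" Target="../embeddings/oleObject1.bin"/>'
           if with_package else "")
        + "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/slides/slide1.xml", slide_xml)
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", slide_rels)
        if with_package:
            # Fake OLE2 header plus filler; a real Packager object would wrap the dropped files.
            zf.writestr("ppt/embeddings/oleObject1.bin", OLE2_MAGIC + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("lure-like", True), ("benign", False)):
        print(label, scan_presentation(build_sample(flag)))
```

On a flagged file, the next step is to extract the ppt/embeddings/*.bin parts and inspect what the Packager object wraps (file names, extensions, and whether any part is a PE or an INF), since that is where the dropped payload sits; the filter above only tells you which documents deserve that look.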
BlackEnergy

Targets:

  • Linux
  • Cisco routers
  • Windows

Possible indicators of compromise:

  • Ciscoapi.tcl (Tcl script dropped on compromised Cisco routers)
  • dstr (destructive plugin that wipes the disk)

Possible payloads:

  • DDoS
  • Theft of banking information
  • Hard disk wiping
  • Port scanning
  • Certificate theft
  • System information gathering
  • Remote desktop

Sources:

  • http://thehackernews.com/2014/11/blackenergy-crimeware-router-linux.html

Zeus
