Difference between revisions of "Analysis of a stage 3 Miniduke malware sample"
m (1 revision imported) |
m (Text replacement - "/ www." to "/ |Site=www.") |
||
Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
|Type=White paper | |Type=White paper | ||
|Link=https://www.circl.lu/pub/tr-14/ www.circl.lu | |Link=https://www.circl.lu/pub/tr-14/ | ||
|Site=www.circl.lu | |||
|Date=2013-05-30 | |Date=2013-05-30 | ||
|Editor=CIRCL | |Editor=CIRCL |
Latest revision as of 13:05, 31 July 2015
Analysis of a stage 3 Miniduke malware sample | |
---|---|
Botnet | MiniDuke |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2013 / 2013-05-30 |
Editor/Conference | CIRCL |
Link | https://www.circl.lu/pub/tr-14/ (Archive copy) |
Author | |
Type | White paper |
Abstract
“In the scope of targeted attacks with a malware labeled as Miniduke by Kaspersky Labs, CIRCL was interested in the way the malware’s later stages work and what kind of interesting information they reveal (e.g. techniques, style, IOCs). No public analysis was found except the mention in Kaspersky’s report of a custom backdoor, so CIRCL took one of the known samples and started this analysis.”
Bibtex
@misc{2013BFR1336,
  editor = {CIRCL},
  author = {},
  title = {Analysis of a stage 3 Miniduke malware sample},
  date = {30},
  month = May,
  year = {2013},
  howpublished = {\url{https://www.circl.lu/pub/tr-14/}},
}