Difference between revisions of "An encounter with trojan Nap"
Jump to navigation
Jump to search
m (1 revision imported) |
m (Text replacement - " blog.fireeye.com" to "") |
||
| Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
|Type=Blogpost | |Type=Blogpost | ||
|Link=http://blog.fireeye.com/research/2013/02/an-encounter-with-trojan-nap.html | |Link=http://blog.fireeye.com/research/2013/02/an-encounter-with-trojan-nap.html | ||
|Author=Abhishek Singh, Ali Islam | |Author=Abhishek Singh, Ali Islam | ||
|NomRevue=FireEye Malware Intelligence Lab | |NomRevue=FireEye Malware Intelligence Lab | ||
Latest revision as of 21:51, 5 August 2015
(Publication) Google search: [1]
| An encounter with trojan Nap | |
|---|---|
| Botnet | Nap |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2013 / 2013-02-05 |
| Editor/Conference | FireEye |
| Link | http://blog.fireeye.com/research/2013/02/an-encounter-with-trojan-nap.html (Archive copy) |
| Author | Abhishek Singh, Ali Islam |
| Type | Blogpost |
Abstract
“ We recently encountered a stealthy malware that employs extended sleep calls to evade automated analysis systems capturing its behavior. It further makes use of the fast flux technique in order to hide the identity of the attacker controlling it. We call it Trojan Nap. The purpose of this blog is to share the technical details of the execution steps by Nap.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR1299,
editor = {FireEye},
author = {Abhishek Singh, Ali Islam},
title = {An encounter with trojan Nap},
date = {05},
month = Feb,
year = {2013},
howpublished = {\url{http://blog.fireeye.com/research/2013/02/an-encounter-with-trojan-nap.html}},
}