Difference between revisions of "Analysis of DarkMegi aka NpcDark"
Jump to navigation
Jump to search
(Created page with "{{Publication |Botnet=DarkMegi, |Year=2012 |Date=2012-04-20 |Editor=StopMalvertising |Link=http://stopmalvertising.com/rootkits/analysis-of-darkmegi-aka-npcdark.html |Author=K...") |
|||
| Line 7: | Line 7: | ||
|Author=Kimberly, | |Author=Kimberly, | ||
|Type=Blogpost | |Type=Blogpost | ||
|Abstract=According to the analysis performed by McAfee Labs, DarkMegi was the first known threat delivered through the CVE-2012-0003 - MIDI Remote Code Execution Vulnerability. DarkMegi has also been distributed via the Gong Da Pack exploit kit and more recently via the Blackhole Exploit kit. | |||
DarkMegi is complex and difficult to analyze; it involves more than just dropping a usermode component ( com32.dll) and a kernel driver (com32.sys) on the victim’s computer. | |||
}} | }} | ||
Latest revision as of 17:37, 27 August 2015
(Publication) Google search: [1]
| Analysis of DarkMegi aka NpcDark | |
|---|---|
| Botnet | DarkMegi |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 2012-04-20 |
| Editor/Conference | StopMalvertising |
| Link | http://stopmalvertising.com/rootkits/analysis-of-darkmegi-aka-npcdark.html (Archive copy) |
| Author | Kimberly |
| Type | Blogpost |
Abstract
“ According to the analysis performed by McAfee Labs, DarkMegi was the first known threat delivered through the CVE-2012-0003 - MIDI Remote Code Execution Vulnerability. DarkMegi has also been distributed via the Gong Da Pack exploit kit and more recently via the Blackhole Exploit kit.
DarkMegi is complex and difficult to analyze; it involves more than just dropping a usermode component ( com32.dll) and a kernel driver (com32.sys) on the victim’s computer.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR4770,
editor = {StopMalvertising},
author = {Kimberly},
title = {Analysis of DarkMegi aka NpcDark},
date = {20},
month = Apr,
year = {2012},
howpublished = {\url{http://stopmalvertising.com/rootkits/analysis-of-darkmegi-aka-npcdark.html}},
}