Analysis of DarkMegi aka NpcDark
Revision as of 17:37, 27 August 2015 by Eric.freyssinet (talk | contribs)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
(Publication) Google search: [1]
| Analysis of DarkMegi aka NpcDark | |
|---|---|
| Botnet | DarkMegi |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 2012-04-20 |
| Editor/Conference | StopMalvertising |
| Link | http://stopmalvertising.com/rootkits/analysis-of-darkmegi-aka-npcdark.html (Archive copy) |
| Author | Kimberly |
| Type | Blogpost |
Abstract
“ According to the analysis performed by McAfee Labs, DarkMegi was the first known threat delivered through the CVE-2012-0003 - MIDI Remote Code Execution Vulnerability. DarkMegi has also been distributed via the Gong Da Pack exploit kit and more recently via the Blackhole Exploit kit.
DarkMegi is complex and difficult to analyze; it involves more than just dropping a usermode component ( com32.dll) and a kernel driver (com32.sys) on the victim’s computer.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR4770,
editor = {StopMalvertising},
author = {Kimberly},
title = {Analysis of DarkMegi aka NpcDark},
date = {20},
month = Apr,
year = {2012},
howpublished = {\url{http://stopmalvertising.com/rootkits/analysis-of-darkmegi-aka-npcdark.html}},
}