Difference between revisions of "Analysis of the malware of Red October - Part 2"

From Botnets.fr
{{Publication
|Document=
|Licence=
|Type=Blogpost
|Video=
|Link=http://code.google.com/p/malware-lu/wiki/en_malware_redoctober2 code.google.com
|Author=RootBSD, Malware.lu,
|NomRevue=Malware.lu
|Date=2013-01-15
|Editor=Malware.lu
|Year=2013
|ISBN=
|Page=
|Botnet=Rocra,
|Keyword=,
|Malware=,
|ExploitKit=,
|Campaign=Red October
|Abstract=We wrote an article about the dropper used by Red October, available here: http://code.google.com/p/malware-lu/wiki/en_malware_redoctober. At the end of this article we got a file called svchost.exe and the file wsdktr.ltd. This file was first packed with a custom packer and secondly packed with UPX. Once we unpacked this file, we got a file with the MD5 5f38e180671fe1d86009d730687a0e3e. This binary is used to decrypt the file wsdktr.ltd. Today (14 January 2013), Kaspersky started to make the buzz around an ultimate new APT. The malware targets diplomatic, governmental and scientific research organizations in different countries, mostly related to the region of Eastern Europe, former USSR members and countries in Central Asia.
}}

Latest revision as of 22:28, 31 July 2015


Analysis of the malware of Red October - Part 2

Botnet: Rocra
Campaign: Red October
Date: 2013 / 2013-01-15
Editor/Conference: Malware.lu
Link: http://code.google.com/p/malware-lu/wiki/en_malware_redoctober2
Author: RootBSD, Malware.lu
Type: Blogpost

Abstract

We wrote an article about the dropper used by Red October, available here: http://code.google.com/p/malware-lu/wiki/en_malware_redoctober. At the end of this article we got a file called svchost.exe and the file wsdktr.ltd. This file was first packed with a custom packer and secondly packed with UPX. Once we unpacked this file, we got a file with the MD5 5f38e180671fe1d86009d730687a0e3e. This binary is used to decrypt the file wsdktr.ltd. Today (14 January 2013), Kaspersky started to make the buzz around an ultimate new APT. The malware targets diplomatic, governmental and scientific research organizations in different countries, mostly related to the region of Eastern Europe, former USSR members and countries in Central Asia.
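As an added triage example (not Malware.lu's code, and not run against the real sample): the abstract says the outer layer of svchost.exe is UPX and gives the MD5 of the fully unpacked binary. The script below walks the PE section table to flag the default UPX section names and compares a candidate file's MD5 with the hash quoted above. `build_fake_pe` is a constructed in-memory PE fixture, and the `UPX_SECTION_NAMES` set is my assumption about what an unmodified UPX stub emits; a renamed stub, or the inner custom-packer layer the post describes, will not carry those names.

```python
"""Triage helper for a double-packed PE such as the Red October svchost.exe:
spot default UPX section names in the outer layer and check a candidate
unpacked file against the MD5 quoted in the Malware.lu abstract.
Added example; the PE bytes built here are a constructed fixture, not the sample."""
import hashlib
import struct

UNPACKED_MD5 = "5f38e180671fe1d86009d730687a0e3e"   # hash quoted in the abstract
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}      # assumed default UPX names


def pe_section_names(data: bytes) -> list:
    """Return the NUL-stripped section names of a PE image, or [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                       # 20-byte COFF file header
    if len(data) < coff + 20:
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size              # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i:table + 40 * i + 8]   # 40-byte IMAGE_SECTION_HEADER, 8-byte Name
        if len(raw) < 8:
            break                             # truncated image: stop rather than guess
        names.append(raw.rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True if any section carries a default UPX name (outer layer only)."""
    return any(n in UPX_SECTION_NAMES for n in pe_section_names(data))


def matches_unpacked_hash(data: bytes, expected: str = UNPACKED_MD5) -> bool:
    """Compare the MD5 of a candidate unpacked file with the quoted hash."""
    return hashlib.md5(data).hexdigest() == expected.lower()


def build_fake_pe(section_names) -> bytes:
    """Constructed fixture: a minimal PE32 image whose only content is its headers."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                           # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = b"\x0b\x01" + b"\0" * (opt_size - 2)   # PE32 magic, rest zeroed
    secs = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + secs


def triage(data: bytes) -> dict:
    """One-shot summary a practitioner would log for a candidate file."""
    return {
        "sections": pe_section_names(data),
        "upx_outer_layer": looks_upx_packed(data),
        "md5": hashlib.md5(data).hexdigest(),
        "is_quoted_unpacked_binary": matches_unpacked_hash(data),
    }


if __name__ == "__main__":
    print(triage(build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])))
    print(triage(build_fake_pe([b".text", b".data"])))
```

After `upx -d` the result still contains the custom packer layer, so a file without UPX section names is not yet the unpacked binary; the MD5 comparison is the only check here that identifies the final stage, and it only works for this exact sample.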

Bibtex

 @misc{2013BFR1283,
   editor = {Malware.lu},
   author = {RootBSD, Malware.lu},
   title = {Analysis of the malware of Red October - Part 2},
   day = {15},
   month = jan,
   year = {2013},
   howpublished = {\url{http://code.google.com/p/malware-lu/wiki/en_malware_redoctober2}},
 }