Andromeda 2.7 features
Revision as of 21:44, 23 April 2014 by Eric.freyssinet
| Andromeda 2.7 features | |
|---|---|
| Botnet | Andromeda |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2014 / 2014-04-23 |
| Editor/Conference | Fortinet |
| Link | http://blog.fortinet.com/Andromeda-2-7-Features/ (blog.fortinet.com; archive copy available) |
| Author | Suweera De Souza |
| Type | Blogpost |
Abstract
“Recently, we found a new version of the Andromeda bot in the wild. This version has strengthened its self-defense mechanisms by utilizing more anti-debug/anti-VM tricks than its predecessors. It also employs some novel methods for trying to keep its process hidden and running persistently. Moreover, its communication data structure and encryption scheme have changed, rendering the old Andromeda IPS/IDS signatures useless.”
Bibtex
@misc{2014BFR1383,
  editor = {Fortinet},
  author = {Suweera De Souza},
  title = {Andromeda 2.7 features},
  day = {23},
  month = apr,
  year = {2014},
  howpublished = {\url{http://blog.fortinet.com/Andromeda-2-7-Features/}},
}