Stealthy peer-to-peer C&C over SMB pipes
Stealthy peer-to-peer C&C over SMB pipes | |
---|---|
Botnet | Duqu |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2013 / 2013-12-06 |
Editor/Conference | Strategic Cyber LLC |
Link | http://blog.cobaltstrike.com/2013/12/06/stealthy-peer-to-peer-cc-over-smb-pipes/ |
Author | Raphael Mudge |
Type | Blogpost |
Abstract
“Beacon is my payload for low and slow control of a compromised system. Recently, I added peer-to-peer communication to Beacon. When two Beacons are linked, the child Beacon will get its tasks from and send its output through its parent. Linked Beacons use SMB pipes to communicate. This is a big win for stealth. If a workstation Beacon communicates with a domain controller Beacon over SMB, who would notice?”
Bibtex
@misc{2013BFR1407,
  editor = {Strategic Cyber LLC},
  author = {Raphael Mudge},
  title = {Stealthy peer-to-peer C&C over SMB pipes},
  date = {06},
  month = Dec,
  year = {2013},
  howpublished = {\url{http://blog.cobaltstrike.com/2013/12/06/stealthy-peer-to-peer-cc-over-smb-pipes/}},
}