Difference between revisions of "The “Hikit” rootkit: advanced and persistent attack techniques (part 2)"
Edit summary: m (Text replacement - " août " to " aug")
(One intermediate revision by the same user not shown)

Line 3, previous revision:
|Author=Christopher Glyer, Ryan Kazanciyan
|NomRevue=M-unition
|Date=22
|Editor=Mandiant
|Year=2012

Line 3, latest revision:
|Author=Christopher Glyer, Ryan Kazanciyan
|NomRevue=M-unition
|Date=22 aug2012
|Editor=Mandiant
|Year=2012
Latest revision as of 21:31, 5 August 2015
The “Hikit” rootkit: advanced and persistent attack techniques (part 2)

Field | Value
---|---
Botnet | Hikit
Malware |
Botnet/malware group |
Exploit kits |
Services |
Feature |
Distribution vector |
Target |
Origin |
Campaign |
Operation/Working group |
Vulnerability |
CCProtocol |
Date | 2012 / 22 aug2012
Editor/Conference | Mandiant
Link | https://blog.mandiant.com/archives/3189 (blog.mandiant.com; archive copy)
Author | Christopher Glyer, Ryan Kazanciyan
Type |
Abstract
In the first part of this series we introduced the “Hikit” rootkit and discussed some of its distinctive characteristics, particularly the clever mechanisms it uses to load on a compromised system. Today, we’ll take a look at some of the counter-forensic techniques that it utilizes to stay hidden in a compromised environment, provide an Indicator of Compromise (IOC) used to find host-based evidence of the malware, and discuss how attackers took advantage of its functionality.
Bibtex
@misc{2012BFR1128,
  editor = {Mandiant},
  author = {Christopher Glyer, Ryan Kazanciyan},
  title = {The “Hikit” rootkit: advanced and persistent attack techniques (part 2)},
  date = {22},
  month = aug,
  year = {2012},
  howpublished = {\url{https://blog.mandiant.com/archives/3189}},
}