The “Hikit” rootkit: advanced and persistent attack techniques (part 2)
Revision as of 23:42, 24 August 2012 by Eric.freyssinet
| Field | Value |
|---|---|
| Botnet | Hikit |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 (22 August 2012) |
| Editor/Conference | Mandiant |
| Link | https://blog.mandiant.com/archives/3189 (blog.mandiant.com; archive copy available) |
| Author | Christopher Glyer, Ryan Kazanciyan |
| Type | Publication |
Abstract
“In the first part of this series we introduced the “Hikit” rootkit and discussed some of its distinctive characteristics, particularly the clever mechanisms it uses to load on a compromised system. Today, we’ll take a look at some of the counter-forensic techniques that it utilizes to stay hidden in a compromised environment, provide an Indicator of Compromise (IOC) used to find host-based evidence of the malware, and discuss how attackers took advantage of its functionality.”
Bibtex
@misc{2012BFR1128,
  editor = {Mandiant},
  author = {Christopher Glyer and Ryan Kazanciyan},
  title = {The “Hikit” rootkit: advanced and persistent attack techniques (part 2)},
  date = {2012-08-22},
  month = aug,
  year = {2012},
  howpublished = {\url{https://blog.mandiant.com/archives/3189}},
}