The MiniDuke mystery: PDF 0-day government spy assembler 0x29A micro backdoor
Revision as of 16:15, 31 August 2014 by Eric.freyssinet (text replacement: "Kaspersky lab lab" to "Kaspersky lab")
(Publication)
| Field | Value |
|---|---|
| Botnet | MiniDuke |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | Malicious PDF (Adobe Reader 0-day) |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | CVE-2013-0640 |
| CCProtocol | |
| Date | 2013 / 2013-02-27 |
| Editor/Conference | Kaspersky lab |
| Link | http://www.securelist.com/en/blog/208194129/The_MiniDuke_Mystery_PDF_0_day_Government_Spy_Assembler_0x29A_Micro_Backdoor |
| Author | GReAT |
| Type | Blogpost |
Abstract
“On Feb 12th 2013, FireEye announced the discovery of an Adobe Reader 0-day exploit which is used to drop a previously unknown, advanced piece of malware. We called this new malware “ItaDuke” because it reminded us of Duqu and because of the ancient Italian comments in the shellcode copied from Dante Alighieri’s “Divine Comedy”.
Since the original announcement, we have observed several new attacks using the same exploit (CVE-2013-0640) which drop other malware. Between these, we’ve observed a couple of incidents which are so unusual in many ways that we’ve decided to analyse them in depth.”
Bibtex
@misc{GReAT2013BFR1310,
  editor = {Kaspersky lab},
  author = {GReAT},
  title = {The MiniDuke mystery: PDF 0-day government spy assembler 0x29A micro backdoor},
  day = {27},
  month = feb,
  year = {2013},
  howpublished = {\url{http://www.securelist.com/en/blog/208194129/The_MiniDuke_Mystery_PDF_0_day_Government_Spy_Assembler_0x29A_Micro_Backdoor}},
}