Difference between revisions of "The mystery of Duqu: part six (the command and control servers)"
m (Remplacement de texte — « |Editor=Kaspersky » par « |Editor=Kaspersky lab ») |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
| | |Botnet=Duqu, | ||
| | |Malware=, | ||
|CCProtocol=, | |||
|Operation=, | |||
|Year=2011 | |||
|Date=2011-11-30 | |||
|Editor=Kaspersky lab | |||
|Link=http://www.securelist.com/en/blog/625/The_Mystery_of_Duqu_Part_Six_The_Command_and_Control_servers | |||
|Author=Vitaly Kamluk, | |||
|Abstract=Over the past few weeks, we have been busy researching the Command and Control infrastructure used by Duqu. | |||
It is now a well-known fact that the original Duqu samples were using a C&C server in India, located at an ISP called Webwerks. Since then, another Duqu C&C server has been discovered which was hosted on a server at Combell Group Nv, in Belgium. | |||
At Kaspersky Lab we have currently cataloged and identified over 12 different Duqu variants. These connect to the C&C server in India, to the one in Belgium, but also to other C&C servers, notably two servers in Vietnam and one in the Netherlands. Besides these, many other servers were used as part of the infrastructure, some of them used as main C&C proxies while others were used by the attackers to jump around the world and make tracing more difficult. Overall, we estimate there have been more than a dozen Duqu command and control servers active during the past three years. | |||
|Document= | |Document= | ||
|Licence= | |Licence= | ||
|Video= | |Video= | ||
|NomRevue=Securelist | |NomRevue=Securelist | ||
|ISBN= | |ISBN= | ||
|Page= | |Page= | ||
|Keyword=, | |||
|Keyword=, | |||
}} | }} | ||
Latest revision as of 04:57, 19 August 2015
(Publication) Google search: [1]
| The mystery of Duqu: part six (the command and control servers) | |
|---|---|
| Botnet | Duqu |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2011 / 2011-11-30 |
| Editor/Conference | Kaspersky lab |
| Link | http://www.securelist.com/en/blog/625/The Mystery of Duqu Part Six The Command and Control servers (Archive copy) |
| Author | Vitaly Kamluk |
| Type | |
Abstract
“ Over the past few weeks, we have been busy researching the Command and Control infrastructure used by Duqu.
It is now a well-known fact that the original Duqu samples were using a C&C server in India, located at an ISP called Webwerks. Since then, another Duqu C&C server has been discovered which was hosted on a server at Combell Group Nv, in Belgium.
At Kaspersky Lab we have currently cataloged and identified over 12 different Duqu variants. These connect to the C&C server in India, to the one in Belgium, but also to other C&C servers, notably two servers in Vietnam and one in the Netherlands. Besides these, many other servers were used as part of the infrastructure, some of them used as main C&C proxies while others were used by the attackers to jump around the world and make tracing more difficult. Overall, we estimate there have been more than a dozen Duqu command and control servers active during the past three years.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2011BFR971,
editor = {Kaspersky lab},
author = {Vitaly Kamluk},
title = {The mystery of Duqu: part six (the command and control servers)},
date = {30},
month = Nov,
year = {2011},
howpublished = {\url{http://www.securelist.com/en/blog/625/The_Mystery_of_Duqu_Part_Six_The_Command_and_Control_servers}},
}