The mystery of Duqu: part six (the command and control servers)
(Publication; latest revision as of 04:57, 19 August 2015)

Field | Value
---|---
Botnet | Duqu
Date | 2011 / 2011-11-30
Editor/Conference | Kaspersky lab
Link | http://www.securelist.com/en/blog/625/The_Mystery_of_Duqu_Part_Six_The_Command_and_Control_servers (archive copy)
Author | Vitaly Kamluk
Abstract
Over the past few weeks, we have been busy researching the Command and Control infrastructure used by Duqu.
It is now a well-known fact that the original Duqu samples were using a C&C server in India, located at an ISP called Webwerks. Since then, another Duqu C&C server has been discovered which was hosted on a server at Combell Group Nv, in Belgium.
At Kaspersky Lab we have currently cataloged and identified over 12 different Duqu variants. These connect to the C&C server in India, to the one in Belgium, but also to other C&C servers, notably two servers in Vietnam and one in the Netherlands. Besides these, many other servers were used as part of the infrastructure, some of them used as main C&C proxies while others were used by the attackers to jump around the world and make tracing more difficult. Overall, we estimate there have been more than a dozen Duqu command and control servers active during the past three years.
Bibtex

@misc{2011BFR971,
  editor = {Kaspersky lab},
  author = {Vitaly Kamluk},
  title = {The mystery of Duqu: part six (the command and control servers)},
  day = {30},
  month = Nov,
  year = {2011},
  howpublished = {\url{http://www.securelist.com/en/blog/625/The_Mystery_of_Duqu_Part_Six_The_Command_and_Control_servers}},
}