HTran and the Advanced Persistent Threat

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

HTran and the Advanced Persistent Threat
Botnet
Malware HTran
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2011 / 2011-08-03
Editor/Conference DELL SecureWorks
Link http://www.secureworks.com/cyber-threat-intelligence/threats/htran/ (Archive copy)
Author Joe Stewart
Type Blogpost

Abstract

While researching one of the malware families involved in the RSA breach disclosed in March 2011, Dell SecureWorks CTU observed an interesting pattern in the network traffic of a related sample (MD5:53ba6845f57f8e9ef600ef166be3be14). When the sample under analysis attempted to connect to the C2 server at my.amazingrm.com (203.92.45.2), the server returned a succinct plain-text error message instead of the expected HTTP-formatted response:

[SERVER]connection to funn

Bibtex

 @misc{Stewart2011BFR1278,
   editor = {DELL SecureWorks},
   author = {Joe Stewart},
   title = {HTran and the Advanced Persistent Threat},
   date = {03},
   month = Aug,
   year = {2011},
   howpublished = {\url{http://www.secureworks.com/cyber-threat-intelligence/threats/htran/}},
 }