The MiniDuke mystery: PDF 0-day government spy assembler 0x29A micro backdoor

From Botnets.fr

Botnet: MiniDuke
Date: 2013 / 2013-02-27
Editor/Conference: Kaspersky lab
Link: http://www.securelist.com/en/blog/208194129/The_MiniDuke_Mystery_PDF_0_day_Government_Spy_Assembler_0x29A_Micro_Backdoor
Author: GReAT
Type: Blogpost

Abstract

On Feb 12th 2013, FireEye announced the discovery of an Adobe Reader 0-day exploit which is used to drop a previously unknown, advanced piece of malware. We called this new malware “ItaDuke” because it reminded us of Duqu and because of the ancient Italian comments in the shellcode copied from Dante Alighieri’s “Divine Comedy”.

Since the original announcement, we have observed several new attacks using the same exploit (CVE-2013-0640) that drop other malware. Among these, we've observed a couple of incidents which are so unusual in many ways that we’ve decided to analyse them in depth.

Bibtex

 @misc{2013BFR1310,
   editor = {Kaspersky lab},
   author = {GReAT},
   title = {The MiniDuke mystery: PDF 0-day government spy assembler 0x29A micro backdoor},
   day = {27},
   month = feb,
   year = {2013},
   howpublished = {\url{http://www.securelist.com/en/blog/208194129/The_MiniDuke_Mystery_PDF_0_day_Government_Spy_Assembler_0x29A_Micro_Backdoor}},
 }