Spear phishing campaigns begin with a lure email, relevant to the victim, that carries a malicious Microsoft Word document which, according to Kaspersky Lab, actually contains “a CVE-2012-0158 exploit, an executable with a double extension, or an executable with an RTLO filename”. One of its most prolific spear phishing campaigns, in March 2014, targeted organizations from countries affected by the MH370 tragedy. Upon opening or execution, the malicious payload (an 8 KB encrypted file and configuration data) is injected into the browser memory, where it decrypts the ports and paths to the C2C server, a user agent string, filenames and paths to relevant components, and hash sums of the user API functions. The malicious code then downloads the main malware from the C2C server over an SSL connection and loads it independently of the operating system functions, without saving it to the hard drive, by assuming control of the XS02 function and handling the installation in memory.
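The double-extension and RTLO filename tricks quoted above can be flagged from the attachment name alone at a mail gateway or during triage. The following Python check is an added example, not code from the original post or from Kaspersky Lab; the extension lists and the sample filenames are constructed assumptions.

```python
import unicodedata

# Bidirectional control characters that can visually reorder a filename.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069", "\u200e", "\u200f"}
# Assumed policy lists (not from the page); tune for your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "cpl", "js", "vbs"}
DECOY_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "rtf", "txt", "jpg", "png"}


def check_attachment_name(name):
    """Return a list of findings for one attachment filename."""
    findings = []
    bidi = sorted({c for c in name if c in BIDI_CONTROLS})
    if bidi:
        labels = ", ".join(unicodedata.name(c) for c in bidi)
        findings.append("bidi-control: " + labels)
    # Judge the extension on the stored (logical) character order with
    # format characters removed: that is what the OS acts on, not what
    # the user sees rendered.
    logical = "".join(c for c in name if unicodedata.category(c) != "Cf")
    # strip() also defeats whitespace padding such as "a.doc      .exe".
    parts = [p.strip().lower() for p in logical.split(".")]
    real_ext = parts[-1] if len(parts) > 1 else ""
    if real_ext in EXECUTABLE_EXTS:
        if len(parts) > 2 and parts[-2] in DECOY_EXTS:
            findings.append(f"double-extension: .{parts[-2]}.{real_ext}")
        if bidi:
            findings.append(f"executable-behind-bidi: real extension .{real_ext}")
    return findings


# Constructed sample names; the second renders as "report_rcs.doc".
SAMPLES = [
    "itinerary.pdf.exe",
    "report_\u202ecod.scr",
    "invoice.doc        .exe",
    "minutes.docx",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", check_attachment_name(sample) or "clean")
```
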