We are investigating a report from one of our colleagues that a website dropped malicious .exe files via a Java exploit, possibly an already known one. Of course, this is not “that” important, but stay tuned on this:
Hashes
4307f1bf8d41604875d8b21c878659c0 *01388ca50e45.exe
100ad7ab0fff23a0938d5b19ede20362 *01388ca69ef2.exe
eb710f5b0022d35a2cbf0c539528cbb3 *jar_cache875449263521178018.tmp
eb710f5b0022d35a2cbf0c539528cbb3 *jar_cache9086383559255725283.tmp
Inside the […]
Basically, the main functionality of Flame's WuSetupV.exe is to create a special URL, download the main Flame component from that URL, store it, and install it on the victim's computer.
The most interesting topic is what type of data is stored inside the URL created by WuSetupV as it […]
Finally, we were able to do some tests, and we can confirm Bitdefender's finding (http://labs.bitdefender.com/2012/06/flame-the-story-of-leaked-data-carried-by-human-vector/) on Flame's USB file transfer. Again, please read our original tech report first.
If started via rundll, Flame creates a “.” file within minutes.
As the file name is very special, […]
Dear All,
As you know, the recent nation-sponsored attacks used a bunch of libraries. However, nobody has investigated the license terms yet. Here is a short list; based on feedback we might update this article.
Duqu:
modified LZO for .zdata: LZO and the LZO algorithms and implementations are distributed under the terms of the […]
First of all, be sure to read our tech report on the Flame/Flamer/TheFlame/sKyWIper malware.
As you already know, some Microsoft certificates were abused for the Flame malware's MitM installation method.
But take a look at the technical details of the certificate chain.
The actual code is signed by a series of certificates:
Let me answer Takashi Toyota here. This blog post may be corrected/edited later without notice.
The question was:
t_toyota Takashi Toyota: @CrySySLab @mikko Thank you for the info. “They” have a dev platform called #tilded, don't they? From there many instances are coming out!
In fact, this is an […]