Monday, August 3, 2015

APT: CosmicDuke

CosmicDuke:
STATUS: Active
TYPE: Backdoor
DISCOVERY: 2013
TARGETED PLATFORMS: Windows
FIRST KNOWN SAMPLE: April 2012
NUMBER OF TARGETS: 101-500

Special features:
The TinyBaron/CosmicDuke custom backdoor is compiled using a customizable framework called "BotGenStudio", which allows individual components to be enabled or disabled when the bot is built.
The attackers build strong self-protection into the implant to prevent antimalware solutions from analyzing it and detecting its malicious functionality through an emulator; the same protection also complicates malware analysis in general.
CosmicDuke also targets individuals involved in the trafficking and sale of illegal and controlled substances. Such victims have been observed only in Russia.

Top 10 countries affected:
Georgia, Russia, USA, Great Britain, Kazakhstan, India, Belarus, Cyprus, Ukraine, Lithuania. Others include Azerbaijan, Greece and Ukraine.

Targets:
Diplomatic organizations/embassies
Energy, oil and gas companies
Telecoms
Military
Specific individuals
