ACAD/Medre.A a case study of an individual attack - SANS ...

More documents

Recommendations

Info

he contents of the directory compressed in the encrypted RAR rchive (password = “1”) are: Acad.fas (worm body) Payload #1 (to 163.com) È¤Î»úÐµÖÆÍ¼.dxf (is 趣味机械制图 in Chinese encoding). he .DXF file (AutoCAD Drawing Exchange Format) is generated by CAD/Medre.A and contains metadata regarding the stolen AutoCAD rawing
Payload #2 (to qq.com) he actual drawing is sent via one of the qq.com addresses to the final q.com address…
Page 1 and 2: ACAD/Medre.A a case study of an ind
Page 3 and 4: Outline Points to be discussed duri
Page 5 and 6: Introduction The latest trend is de
Page 7 and 8: W32/Georbot.A • … Political Mot
Page 9 and 10: ong before cloud computing gained t
Page 11 and 12: ACAD/Medre.A statistics
Page 13 and 14: Early history: • R14.01 (1999): A
Page 15 and 16: Dissecting the worm… • Written
Page 17 and 18: Infection and Installation .fas 1.
Page 19: Payloads
Page 23 and 24: Trying to stealing Foxmail Files
Page 25 and 26: Industrial Espionage?
Page 27 and 28: Upon discovery, ESET Contacted: •
Page 29 and 30: Upon discovery, ESET Contacted: •
Page 31 and 32: Tools Used… • LiveGrid • FAS
Page 33: Thank You! If you have Questions,I

ACAD/Medre.A a case study of an individual attack - SANS ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?