y5qa5B
y5qa5B
y5qa5B
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
ASERT Threat Intelligence Report 2016-03: The Four-Element Sword Engagement<br />
Once the wthk.txt file is downloaded by PowerShell, the dropped file fuso.exe is executed. <br />
The binary named fuso.exe is a very simple binary that appears to execute another application named <br />
Keyainst.exe: <br />
Unfortunately, Keyainst.exe was not available during this analysis. <br />
Connections to Historical and Ongoing Threat Campaign Activity<br />
A recently published (March 17, 2016) blog by Michael Yip of PWC “Taiwan Presidential Election: A Case Study <br />
on Thematic Targeting” [32] also discusses aspects of this sample and reveals that it was used in targeted <br />
34 Proprietary and Confidential Information of Arbor Networks, Inc.