MONSOON – ANALYSIS OF AN APT CAMPAIGN
monsoon-analysis-apt-campaign?utm_source=Labs&utm_medium=blog&utm_content=monsoon_whitepaper&utm_campaign=monsoon
monsoon-analysis-apt-campaign?utm_source=Labs&utm_medium=blog&utm_content=monsoon_whitepaper&utm_campaign=monsoon
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Forcepoint Security Labs | Special Investigations<br />
And a final example taken from forum.china.org.cn:<br />
Figure 23 <strong>–</strong> Forum Command Channel<br />
The content after "{{" is the C&C address which is encrypted in the same manner as described below. Of<br />
note is that this text on the forum page is invisible, as the author has set it to white text on a white<br />
background.<br />
<strong>MONSOON</strong> <strong>–</strong> <strong><strong>AN</strong>ALYSIS</strong> <strong>OF</strong> <strong>AN</strong> <strong>APT</strong> <strong>CAMPAIGN</strong> Revision: 1.07 | TLP-WHITE | 25/57