En Route with Sednit
The whole process is pictured in Figure 6, and is detailed thereafter for the most recent Downdelph sample known (Case 7 in Figure 4).
[Figure 6. Downdelph communication workflow]
Participants: Downdelph-infected computer, initial C&C server, additional C&C server 1, additional C&C server 2.
Sequence: the infected computer first fetches the main configuration file (extended.ini) from the initial C&C server. It then downloads a payload from the initial C&C server and from each additional C&C server in turn, repeating the same three steps against each server: it sends the machine ID, fetches the server configuration file (pinlt.ini), and downloads the payload. The figure shows this cycle for the initial C&C server, additional C&C server 1, additional C&C server 2, and so on ([...]).
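As an added example, not code from the ESET paper, the following reconstructs the workflow above from web proxy logs so a defender can see which hosts acted as initial and additional C&C servers for a given client. It assumes the configuration files are fetched over HTTP with their file names visible in the URL path; the log format, host names and the machine-ID request path are constructed placeholders.

```python
from collections import defaultdict

# Constructed proxy log lines: "<time> <client_ip> <server_host> <url_path>".
# Host names and the machine-ID request path are placeholders (assumptions).
SAMPLE_LOG = """\
10:00:01 10.0.0.5 cnc-initial.example /extended.ini
10:00:02 10.0.0.5 cnc-initial.example /reg?id=MACHINE-ID
10:00:03 10.0.0.5 cnc-initial.example /pinlt.ini
10:00:04 10.0.0.5 cnc-initial.example /payload.bin
10:00:10 10.0.0.5 cnc-add1.example /reg?id=MACHINE-ID
10:00:11 10.0.0.5 cnc-add1.example /pinlt.ini
10:00:12 10.0.0.5 cnc-add1.example /payload.bin
10:00:20 10.0.0.7 news.example /index.html
10:00:21 10.0.0.7 cdn.example /pinlt.ini
"""

MAIN_CONFIG = "extended.ini"    # main configuration file (initial C&C only)
SERVER_CONFIG = "pinlt.ini"     # server configuration file (every C&C)

def parse_log(text):
    """Yield (client, host, path) from the constructed log format."""
    for line in text.splitlines():
        if line.strip():
            _ts, client, host, path = line.split()
            yield client, host, path

def reconstruct_chains(text):
    """Map each client that shows the full Downdelph workflow to the ordered
    list of C&C hosts it used: the host that served extended.ini first, then
    every further host that served pinlt.ini (an additional C&C server).
    A pinlt.ini fetch with no earlier extended.ini fetch is not reported."""
    initial = {}                        # client -> initial C&C host
    chains = defaultdict(list)          # client -> [initial, additional, ...]
    for client, host, path in parse_log(text):
        name = path.rsplit("/", 1)[-1]  # file name part of the URL path
        if name == MAIN_CONFIG and client not in initial:
            initial[client] = host
            chains[client].append(host)
        elif name == SERVER_CONFIG and client in initial:
            if host not in chains[client]:
                chains[client].append(host)
    return dict(chains)

if __name__ == "__main__":
    for client, servers in reconstruct_chains(SAMPLE_LOG).items():
        print(client, "->", " -> ".join(servers))
```

The lone pinlt.ini fetch by 10.0.0.7 is deliberately ignored: without the preceding extended.ini fetch it does not match the workflow and would otherwise be a false positive on an unrelated file name.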