DESCRIPTION NAME:

FAKEAV - HTTP (Request) - Variant 16

 CONFIDENCE LEVEL: MEDIUM

 Overview

KATUSHA Trojans typically arrive via spammed email messages or as files downloaded unknowingly by users when visiting malicious sites. They are used to download and execute other malicious files. In 2010, a spam run posing as an IT notification contained a KATUSHA variant as an attachment. Cybercriminals also used this malware to launch attacks on users of the social networking site/blogging platform Multiply.

 Technical Details

Attack Phase: Command and Control Communication

Risk Type:

Threat Type: Suspicious Behavior

Confidence Level: Medium

DDI Default Rule Status: Enable

Event Class: Callback

Event Sub Class: Bot

Behavior Indicator: Callback

APT Related: NO

 Solutions

Network Content Correlation Pattern Version: 1.12475.00
Network Content Correlation Pattern Release Date: 17 Mar 2016

