DDI RULE 2257
APT - SIMBOT - HTTP (Request)
Overview and description
SIMBOT is a backdoor family that accesses certain remote servers in order to receive commands from a remote attacker. The following commands are executed on the affected system:
- Download and execute files
- Execute a DOS command sent by the remote user
- Send an encrypted copy of the content of a specified file to its C&C server
- Sleep for a specified amount of time
It also checks whether registry keys related to security applications are present. It does this to avoid detection and easy removal.
Technical details
Attack Phase: Command and Control Communication
Protocol: HTTP
Risk Type: MALWARE
Threat Type: Malicious Behavior
Confidence Level: High
Severity: High
DDI Default Rule Status: Enable
Event Class: Targeted Attack
Event Sub Class: Callback
Behavior Indicator: Targeted Attack
APT Related: YES
Solutions