Cisco threat researchers found that Adwind RAT (remote access Trojan) malware is delivered through file extension and MIME combinations that include .zip or .jar files. This is true whether the malware is being delivered through the email or web attack vector. (See Figure 31.)

Adwind RAT used a wide range of hash ages throughout most of the period observed in 2016, except during September and October, when most files seen were 1 to 2 days old (Figure 32). We also found that the median TTD for Adwind RAT is consistently higher than the median TTD for other malware families we analyzed (Figure 33).
The malware’s authors have apparently developed hard-to-detect delivery
mechanisms that keep Adwind RAT successful. Therefore, they don’t need
to rotate through new hashes as frequently or as rapidly as the actors
behind other malware families do. The Adwind Trojan is also known by
other names, such as JSocket and AlienSpy.
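Because Adwind arrives as Java archives hidden behind varying extension and MIME-type combinations, a defender cannot rely on the filename or the declared content type alone. The example below is an added illustration, not code from the Cisco report or from Cisco's analysis pipeline: it identifies a Java archive by its content (ZIP signature plus a manifest or .class entries), flags mismatches between that content and the declared extension or MIME type, and computes the two metrics the text discusses, hash age and median time to detection (TTD). All attachment records, timestamps and the thresholds are constructed sample data; the MIME sets and finding labels are assumptions for the example.

```python
import io
import statistics
import zipfile
from datetime import datetime

# Declared MIME types under which a ZIP/JAR payload is unsurprising (assumed list).
ARCHIVE_MIMES = {
    "application/java-archive", "application/x-java-archive",
    "application/zip", "application/x-zip-compressed",
}
ARCHIVE_EXTS = {".jar", ".zip"}
ZIP_MAGIC = b"PK\x03\x04"


def build_zip(entries):
    """Build an in-memory ZIP from {name: bytes}; used here to construct sample payloads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def looks_like_java_archive(payload: bytes) -> bool:
    """Content check: a JAR is a ZIP carrying META-INF/MANIFEST.MF or .class entries."""
    if not payload.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return False
    return any(n == "META-INF/MANIFEST.MF" or n.endswith(".class") for n in names)


def classify_attachment(filename: str, declared_mime: str, payload: bytes):
    """Return the list of reasons this attachment deserves inspection ([] = nothing found)."""
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    is_zip = payload.startswith(ZIP_MAGIC)
    is_java = looks_like_java_archive(payload)
    findings = []
    if is_java:
        findings.append("java-archive-content")
    if is_zip and ext not in ARCHIVE_EXTS:
        # ZIP/JAR bytes hiding behind a non-archive extension such as .pdf
        findings.append(f"zip-content-with-{ext or 'no'}-extension")
    if is_zip and declared_mime not in ARCHIVE_MIMES:
        # ZIP/JAR bytes declared as something else in the MIME header
        findings.append(f"zip-content-declared-as-{declared_mime}")
    if ext == ".jar" and not is_java:
        findings.append("jar-extension-without-java-content")
    return findings


def hash_age_days(first_seen: str, observed: str) -> int:
    """Hash age: days between the first time a hash was seen anywhere and this sighting."""
    fmt = "%Y-%m-%d"
    return (datetime.strptime(observed, fmt) - datetime.strptime(first_seen, fmt)).days


def median_ttd_hours(samples) -> float:
    """Median time to detection over (first_seen, detected) ISO timestamps, in hours."""
    fmt = "%Y-%m-%dT%H:%M"
    hours = [
        (datetime.strptime(d, fmt) - datetime.strptime(f, fmt)).total_seconds() / 3600
        for f, d in samples
    ]
    return statistics.median(hours)


# Constructed sample payloads: a minimal JAR and a plain picture archive.
SAMPLE_JAR = build_zip({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
                        "Main.class": b"\xca\xfe\xba\xbe"})
SAMPLE_PHOTOS = build_zip({"holiday.jpg": b"\xff\xd8\xff"})

if __name__ == "__main__":
    for name, mime, data in [
        ("invoice.jar", "application/java-archive", SAMPLE_JAR),
        ("report.pdf", "application/pdf", SAMPLE_JAR),
        ("photos.zip", "application/zip", SAMPLE_PHOTOS),
        ("notes.jar", "application/java-archive", b"plain text"),
    ]:
        print(name, mime, classify_attachment(name, mime, data))
    print("hash age (days):", hash_age_days("2016-09-01", "2016-09-02"))
    print("median TTD (h):", median_ttd_hours([
        ("2016-09-01T00:00", "2016-09-01T06:00"),
        ("2016-09-02T00:00", "2016-09-02T12:00"),
        ("2016-09-03T00:00", "2016-09-04T00:00"),
    ]))
```

The content check is deliberately independent of both the extension and the declared MIME type, so a payload renamed to .pdf or served with an image content type still surfaces as a Java archive; the mismatch findings are what make the extension/MIME combinations the report describes visible in triage.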