The “Hikit” rootkit: advanced and persistent attack techniques (part 2)
Jump to navigation
Jump to search
(Publication) Google search: [1]
| The “Hikit” rootkit: advanced and persistent attack techniques (part 2) | |
|---|---|
| Botnet | Hikit |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 22 aug2012 |
| Editor/Conference | Mandiant |
| Link | https://blog.mandiant.com/archives/3189 blog.mandiant.com (blog.mandiant.com Archive copy) |
| Author | Christopher Glyer, Ryan Kazanciyan |
| Type | |
Abstract
“ In the first part of this series we introduced the “Hikit” rootkit and discussed some of its distinctive characteristics, particularly the clever mechanisms it uses to load on a compromised system. Today, we’ll take a look at some of the counter-forensic techniques that it utilizes to stay hidden in a compromised environment, provide an Indicator of Compromise (IOC) used to find host-based evidence of the malware, and discuss how attackers took advantage of its functionality.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1128,
editor = {Mandiant},
author = {Christopher Glyer, Ryan Kazanciyan},
title = {The “Hikit” rootkit: advanced and persistent attack techniques (part 2)},
date = {22},
month = Aug,
year = {2012},
howpublished = {\url{https://blog.mandiant.com/archives/3189 blog.mandiant.com}},
}