DDI RULE 1489
APT - ZAPCHAST - HTTP (Request)
OVERVIEW
ZAPCHAST variants often arrive as attachments to spammed messages. Once executed, the malware creates a backdoor that gives an attacker access to the infected computer. It can also download and execute arbitrary files and update itself. Variants may also check for AV-related files on the infected computer. Some ZAPCHAST variants use an IRC client to perform backdoor routines. This backdoor executes commands from a remote malicious user, effectively compromising the affected system. It deletes itself after execution.
TECHNICAL DETAILS
Attack Phase: Command and Control Communication
Protocol: HTTP
Risk Type: MALWARE
Threat Type: Malicious Behavior
Confidence Level: High
Severity: High
DDI Default Rule Status: Enable
Event Class: Targeted Attack
Event Sub Class: Callback
Behavior Indicator: Targeted Attack
APT Related: YES
SOLUTION
Network Content Inspection Pattern Version: 1.12991.00
Network Content Inspection Pattern Release Date: 15 Aug 2017
Network Content Correlation Pattern Version: 1.12961.00
Network Content Correlation Pattern Release Date: 15 Aug 2017