DDI RULE 355
HUPIGON - HTTP (Request) - Variant 2
OVERVIEW
The HUPIGON malware family consists of backdoors. These are usually dropped onto a system by other malware or downloaded unknowingly by users visiting malicious sites. HUPIGON variants may drop several files or copies of themselves. They open ports or connect to servers so that remote users can connect to the affected system. Once a connection is established, the remote user executes commands on the system, such as deleting files and folders, downloading and executing files, and terminating processes. Variants may also gather information about the affected system and steal information such as logged keystrokes, passwords, and other user credentials.
TECHNICAL DETAILS
Attack Phase: Command and Control Communication
Protocol: HTTP
Risk Type: MALWARE
Threat Type: Malicious Behavior
Confidence Level: High
Severity: High (Outbound)
DDI Default Rule Status: Enable
Event Class: Callback
Event Sub Class: Bot
Behavior Indicator: Callback
APT Related: NO
SOLUTION