DESCRIPTION NAME:

APT - ZAPCHAST - HTTP (Request)

 CONFIDENCE LEVEL: HIGH
 SEVERITY INBOUND:
 SEVERITY OUTBOUND:
Informativo
Bajo
Medio
High

 Resumen y descripción

ZAPCHAST variants often arrive as an attachment to spammed messages. Once the malware has been executed, it creates a backdoor which gives an attacker access to the infected computer. It can also download and execute arbitrary files, and update itself. Variants may also check for AV-related files in the infected computer. Some ZAPCHAST variants use an IRC client to perform backdoor routines. This backdoor executes commands from a remote malicious user, effectively compromising the affected system. It deletes itself after execution.

 Detalles técnicos

Attack Phase: Command and Control Communication

Protocol: HTTP

Risk Type: MALWARE

Threat Type: Malicious Behavior

Confidence Level: High

Severity: High

DDI Default Rule Status: Enable

Event Class: Targeted Attack

Event Sub Class: Callback

Behavior Indicator: Targeted Attack

APT Related: YES

 Soluciones

Network Content Inspection Pattern Version: 1.12991.00

Network Content Inspection Pattern Release Date: 15 Aug 2017

Network Content Correlation Pattern Version: 1.12961.00

Network Content Correlation Pattern Release Date: 15 Aug 2017


Rellene nuestra encuesta!