TT Malware Log

A personal log of investigation, research and reference material on malware, cyber attacks and analysis techniques

ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks

【Figures】

Overview of campaign elements

Screenshot of the content hosted on the default landing page for the C2

Diagram of proxy C2 communications shift observed through Black Lotus Labs telemetry

Heatmap of bots observed through Black Lotus Labs telemetry

Image of the invalid certificate appended to the malicious program

Screenshot of the network traffic generated by CBeacon when run in the Black Lotus Labs lab environment

Screenshot of the Go agent network traffic

Images comparing the information when C2.Heartbeat was run on CBeacon versus GoBeacon

Source: https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/


【Blog】

◆ZuoRAT Hijacks SOHO Routers To Silently Stalk Networks (Black Lotus Labs, 2022/06/28)
https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2023