
CCleaner Command and Control Causes Concern

Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues.

Introduction

Talos recently published a technical analysis of a backdoor which was included with version 5.33 of the CCleaner application. During our investigation we were provided an archive containing files that were stored on the C2 server. Initially, we had concerns about the legitimacy of the files. However, we were able to quickly verify that the files were very likely genuine, based upon the web server configuration files and the fact that our own research activity was reflected in the contents of the MySQL database included in the archived files.

In analyzing the delivery code from the C2 server, what immediately stands out is a list of organizations, including Cisco, that were specifically targeted through delivery of a second-stage loader. Based on a review of the C2 tracking database, which only covers four days in September, we can confirm that at least 20 victim machines were served specialized secondary payloads. Below is a list of domains the attackers were attempting to target.


20 Sep 2017
  • Press Release


  • Thought Leadership, Security


Source: Edmund Brumaghin, Earl Carter, Warren Mercer, Matthew Molyett, Matthew Olney, Paul Rascagneres and Craig Williams.
