cool hit counter Taiwan's D-Link & Panorama Security certificate stolen and used by APT group blacktech_Intefrankly

Taiwan's D-Link & Panorama Security certificate stolen and used by APT group blacktech

The other day, jpcert reported on malware plead analysis, and the reports all pointed to the APT group blacktech, a group long active in the Asian region. The incident reveals the fact that the group is attacking Japan and elaborates on plead's latest data communication techniques, details of which can be found by clicking at the box.

RELATED: plead malware analysis by APT group blacktech

And ESET today, released a report in which the article states that the plead series all use D-Link's legal certificate. As shown in the figure below

The certificate is currently being revoked by D-Link on July 3, 2018, as announced below


In addition to the D-Link certificate, there is also a Taiwanese security company whose certificate has been abused, and the company is called Panorama Software.

As shown below Changing Information Technology Inc.

Notwithstanding the certificate of Changing Information Technology Inc. Revoked on 4 July 2017 but

The BlackTech group is still using it to sign their malicious tools.

It also speaks volumes about the APT group's superior technical skills to hack even the digitally signed certificates of these large corporations.

The signed Plead downloaders all go to the next piece of encrypted shellcode, which is finally decrypted and then goes on to download the final Plead backdoor module, with the following behavior executed by the specific backdoor after the received command

At the same time, the information stealing module will mainly steal the password information stored by the following browsers

Google Chrome

Microsoft Internet Explorer

Microsoft Outlook

Mozilla Firefox

IOC Information

Code Signing Certificate Serial Number

1、Top 10 MustLearn Algorithms for Budding Machine Learners
2、Another big story on autopilot Taxi drivers to be laid off in future
3、UG Programming Drilling for Standard Drilling Deep Hole and Short Chip
4、windows server phpstudy environment website build
5、The Department of Electronic Information Engineering won the 2018 Sichuan Higher Vocational College Student Skills Competition

    已推荐到看一看 和朋友分享想法
    最多200字,当前共 发送