The Nansh0u Campaign: signed rootkit, exposed infrastructure and PE exploits in a massive MS-SQL & PHPMyAdmin attack campaign

One of the cooler things that got left out during editing is that the driver deployed by this malware contains a lot of functionality that isn’t used by the malware. It’s not an off-the-shelf driver, but it’s also not custom made.

Also, there’s a neat exploit for CVE-2014-4113 that hasn’t been previously published. The new exploit works on 8.1, which wasn’t covered by the original APT-28 exploit.

