Friday, September 5, 2014

Backdoor.KLGConfig: Malware analysis leads to widely used infrastructures, 500+ domains

Wapack Labs published today a deep-dive analysis of a new piece of malware being leveraged in targeted cybercrime operations.

Wapack Labs has dubbed the malware family Backdoor.KLGConfig. A variant of Backdoor.KLGConfig was also observed specifically targeting credentials for a popular banking application used by many financial institutions (FIs). Follow-on analysis exposed a wide criminal infrastructure consisting of over 500 domains.

Get the indicators from Threat Recon with a "reference" search on FR14-023.

Check out our GitHub for an example script:
https://github.com/dechko/threatrecon/blob/master/examples/simple_search_reference.py
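For readers who want to turn the result of that reference search into something a blocklist or SIEM can consume, here is an added example that is not the script linked above and not Wapack Labs' code. It assumes the search returns JSON with a "Results" list whose records carry "Indicator", "Reference" and "Killchain" fields (that field layout is an assumption about the API, not taken from the page); the HTTP call itself is left to the linked example script, so this block runs offline on a constructed response. It filters records to the FR14-023 reference, deduplicates, and buckets indicators by type (domain, IP, hash), which is what you need before loading 500+ domains into a DNS sinkhole or proxy deny list.

```python
import ipaddress
import json
import re

# Constructed sample, shaped like an assumed Threat Recon search response.
# Values are documentation/reserved names, not real indicators from the report.
SAMPLE_RESPONSE = json.dumps({
    "ResultCount": 5,
    "Results": [
        {"Indicator": "example-c2.test", "Reference": "FR14-023", "Killchain": "C2"},
        {"Indicator": "192.0.2.10", "Reference": "FR14-023", "Killchain": "C2"},
        # Same domain reported again under a different kill-chain stage: must dedupe.
        {"Indicator": "EXAMPLE-C2.test", "Reference": "FR14-023", "Killchain": "Delivery"},
        # Different report reference: must be excluded.
        {"Indicator": "other.example", "Reference": "FR14-001", "Killchain": "C2"},
        {"Indicator": "ab" * 16, "Reference": "FR14-023", "Killchain": "Installation"},
    ],
})

HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def classify(indicator):
    """Bucket an indicator string as 'ip', 'hash', 'domain' or 'other'."""
    value = indicator.strip()
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    lowered = value.lower()
    if HASH_RE.match(lowered):
        return "hash"
    if DOMAIN_RE.match(lowered):
        return "domain"
    return "other"


def indicators_for_reference(response_text, reference):
    """Parse a search response and return {type: sorted unique indicators}
    for records whose Reference field equals `reference`."""
    data = json.loads(response_text)
    buckets = {}
    for record in data.get("Results", []):
        if record.get("Reference", "").strip() != reference:
            continue
        value = record.get("Indicator", "").strip()
        if not value:
            continue
        kind = classify(value)
        # Domains and hashes are case-insensitive; normalise so duplicates collapse.
        if kind in ("domain", "hash"):
            value = value.lower()
        buckets.setdefault(kind, set()).add(value)
    return {kind: sorted(values) for kind, values in buckets.items()}


def to_csv_lines(reference, buckets):
    """Flatten the buckets into 'reference,type,indicator' lines for import."""
    return [
        f"{reference},{kind},{indicator}"
        for kind in sorted(buckets)
        for indicator in buckets[kind]
    ]


if __name__ == "__main__":
    found = indicators_for_reference(SAMPLE_RESPONSE, "FR14-023")
    for line in to_csv_lines("FR14-023", found):
        print(line)
```

The type split matters operationally: domains go to DNS or proxy controls, IPs to firewall or netflow matching, and hashes to endpoint tooling, and mixing them in one list is a common source of broken blocklists.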