best social networking sites for dating - Javthai afganistan

Among these, we were able to discover several successful infections where the employed Korplug samples were connecting to the same C&C domain.


A curious Remote Access Trojan, as research points to a Chinese connection but the commands it listens to are in Spanish (translation in English): The malware can manage processes and services on the infected machine, transfer files to and from the C&C server, run shell commands, and so on. Some samples contain a digital signature by “Nanning weiwu Technology co.,ltd”.

This malware is written in C and contains several functions for harvesting files off the victim’s hard drive according to criteria set in the configuration file.

ESET Live Grid telemetry indicates that the attacks against these targets have been going on since at least June 2014 and continue through today.

We were able to pinpoint the targets to residents of the following countries:

From the topics of the files used to spread the malware, as well as from the affected targets, it appears that the attackers are interested in gathering intelligence related to Afghan, Tajik and Russian military and diplomatic subjects.

After taking a look at recent Korplug (PlugX) detections, we identified two larger scale campaigns employing this well-known Remote Access Trojan.

This blog gives an overview of the first one, related to Afghanistan & Tajikistan.

JAHAN TV is a new TV Channel in Afghanistan. JAHAN TV’s programming demonstrates a complete picture of democracy, not just in the programs themselves but in the way we create them. From initial development and production to scheduling and broadcasting, JAHAN TV ensures that our shows follow not just the policies and principles of TV broadcasting in Afghanistan, but promote the key values of journalism, democracy, national unity, and understanding and trust among people.

However, this exploit is not implemented correctly due to a wrong file offset in the 1, it’s at a different offset, and thus never is loaded. Sophos’ Gabor Szappanos gives a possible explanation how these malformed samples may have come into existence.

In other cases, attackers use more common tools for accomplishing their criminal goals. PlugX) is a well-known toolkit associated with Chinese APT groups and used in a large number of targeted attacks since 2012.
