Hi to all,
I want to share with you guys this piece of code RCEd from the Chinese APT known as "NetTraveler" or "TravNet". Hope this knowledge will somehow be useful and interesting to you. The code isn't very complicated or advanced; it is basically C code with a few C++ implementations.
Google Code project:
https://code.google.com/p/open-nettraveler/
GIT command:
git clone https://code.google.com/p/open-nettraveler/
Kaspersky reports:
http://kasperskycontenthub.com/wp-conte ... -final.pdf
http://securelist.com/blog/research/359 ... e-victims/
http://www.kaspersky.com/about/news/vir ... new_tricks
Kaspersky victims map:
Malware samples:
http://www.kernelmode.info/forum/viewto ... =16&t=2757
More about CVE-2012-0158:
https://securelist.com/analysis/publica ... 8-exploit/
More about CVE-2010-3333:
http://blogs.technet.com/b/mmpc/archive ... 0-087.aspx
Good luck!