Citizen Lab Technical Brief: IEXPL0RE RAT

September 7, 2012

Categories: News and Announcements, Research News, Technical Briefs

In this technical brief, Citizen Lab Senior Security Analyst Seth Hardy presents a detailed analysis of a Remote Access Trojan (RAT) that targeted organizations taking part in our study on targeted cyber threats against human rights groups. In this brief, we refer to the malware as IEXPL0RE RAT, after the name of the launcher program. It was first called “Sharky RAT” in Seth Hardy’s talk at SecTor 2011. Since then it has also been referred to as c0d0so0 and possibly Backdoor.Briba.

The IEXPL0RE RAT gives a remote attacker the ability to record user keystrokes (including passwords), copy and delete files, download and run new programs, and even use the computer’s microphone and camera to monitor the user in real time.

This brief includes details on detection and mitigation, removal, a list of all commands present in the malware, and a description of what data is received or sent over the network for each command.

Download the full brief here [pdf].

One Comment

  1. michael thibodeaux
    Posted December 19, 2012 at 10:47 am | Permalink

    Does Vobfus have anything to do with c0d0so0 and possibly Backdoor.Briba?

    https://www.virustotal.com/file/14370d75d849de3e91e3cf2681d134bc35ba106607aa856f1757d71a7083a80f/analysis/
    http://xml.ssdsandbox.net/index.php/8307500bdd337da328cb573bb1b54711
