Warning: Illegal string offset 'filter' in /home/crypton1/public_html/mobilesecuritythreat.com/wp-includes/taxonomy.php on line 1409
Symantec and few others reported about the multiple versions of APT – 1 infecting thousands of computers worldwide. The hackers are using multiple versions of Apt 1 tricking the users download the pdf.
As per Mandiant blog report.
As we noted yesterday, Brandon Dixon’s 9B+ blog and Symantec reported the discovery of two malicious versions of our APT1 report. We wanted to provide follow-on details based on our analysis of these samples. Additionally, we have attached Indicators of Compromise (IOCs) so folks can begin using them to detect the malware.
PDF1 – “Mandiant_APT2_Report” Lure
This is a password protected PDF using the password “hello” and exploits the CVE-2011-2462 vulnerability from back in December of 2011. Once opened it drops
%TEMP%\Mandiant_APT2_Report.pdf(29E9494E2EBA1D8F8AD9EE308FFE53EF). The newly dropped report is opened and the
AdobeArm.tmpbinary is executed.
– See more at: https://www.mandiant.com/blog/threat-actors-mandiant-apt1-report-spear-phishing-lure-nitty-gritty/#sthash.Ds1gumcA.dpuf
Screenshot from Symantec