Emdivi
Description
(Kaspersky) The Emdivi family stores important data about itself, including C2, API names, strings used for anti-analysis, mutex values, as well as the MD5 checksums of backdoor commands and the internal proxy information. They are stored in encrypted form and are decrypted when necessary. Therefore, to analyze an Emdivi sample in detail, we need to locate which hex codes are encrypted and how to decrypt them. In the process of decryption, a unique decryption key is required for each sample.
Names
| Name |
|---|
| Emdivi |
| Newsripper |
Category
Malware
Type
- Backdoor
Information
- https://securelist.com/new-activity-of-the-blue-termite-apt/71876/
- https://blogs.jpcert.or.jp/en/2015/11/emdivi-and-the-rise-of-targeted-attacks-in-japan.html
- http://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-cyber-espionage-campaign/
- http://blog.trendmicro.com/trendlabs-security-intelligence/attackers-target-organizations-in-japan-transform-local-sites-into-cc-servers-for-emdivi-backdoor/
Other Information
UUID
bdd9c8ab-168e-4a3f-a35a-3dd670a9bd02
Last Card Change
2020-05-13