Kurton

Description

This family of malware is a backdoor that tunnels its connection through a preconfigured proxy. The malware communicates with a remote command and control server over HTTPS via the proxy. The malware installs itself as a Windows service with a service name supplied by the attacker but defaults to IPRIP if no service name is provided during install.

Names

Name
Kurton

Type

Backdoor
Tunneling
Info stealer

Information

https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
http://contagiodump.blogspot.com/2013/03/mandiant-apt1-samples-categorized-by.html

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.kurton

Other Information

Uuid

666cd633-8570-4784-84d8-6e934d7b6e12

Last Card Change

2020-04-23

Threat Intelligence Garden

Explorer

Kurton

Kurton

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks