About: Duqu

An Entity of Type : owl:Thing, within Data Space : dbkwik.org associated with source dataset(s)

Duqu is

Attributes | Values
rdfs:label
  • Duqu
dcterms:subject
dbkwik:itlaw/prope...iPageUsesTemplate
abstract
  • Duqu is
  • The Trojan may arrive as a Microsoft Word document containing an exploit for the Microsoft Windows 'Win32k.sys' TrueType Font Handling Remote Code Execution Vulnerability (BID 50462). Successful exploitation of the vulnerability will enable the Trojan to be dropped and executed on the targeted computer.

    When the Trojan is executed, it creates one or more of the following files:
      %System%\drivers\jminet7.sys
      %System%\drivers\cmi4432.sys
      %System%\drivers fred95.sys
      %System%\drivers red961.sys
      %Windir%\inf\cmi4432.pnf
      %Windir%\inf\cmi4464.PNF
      %Windir%\inf etp191.PNF

    It then creates one or more of the following registry subkeys:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JmiNET3
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmi4432

    The Trojan then opens a back door allowing an attacker to gather the following information from the compromised computer:
      A list of running processes, account details, and domain information
      Drive names and other information, including those of shared drives
      Screenshots
      Network information (interfaces, routing tables, shares list, etc)
      Keystrokes
      Open window names
      Enumerated shares
      File exploration on all drives, including removable drives
      Enumeration of computers in the domain through NetServerEnum

    The Trojan then sends the information gathered to a predetermined command and control (C&C) server. It also downloads further malicious files from the C&C server.