Nytro

Regin: Top-tier espionage tool enables stealthy surveillance

Regin: Top-tier espionage tool enables stealthy surveillance

Symantec Security Response

Version 1.0 – November 24, 2014

OVERVIEW
Introduction
Timeline
Target profile
Infection vector
Architecture
Stage 0 (dropper)
Stage 1
Stage 2
Stage 3
Stage 4
Stage 5
Encrypted virtual file system containers
Command-and-control operations
Logging
Payloads
64-bit version
File names
Stage differences
Conclusion
Protection
Appendix
Data files
Indicators of compromise
File MD5s
File names/paths
Extended attributes
Registry

Download: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf
