Wednesday, May 10, 2017

APT Turla - Kazuar (macOS Version of Uroburos Espionage Rootkit)


Malware researchers have found a new backdoor malware called Kazuar, which functions as the macOS version of the Uroburos espionage rootkit. The actor behind this malware is the infamous APT (Advanced Persistent Threat) group known as Turla.

Uroburos Dragon


Turla has nurtured Uroburos since 2014 to execute commands on infected systems, also known as zombie systems. In 2014, GDATA published a paper on Uroburos titled "Uroburos: Highly complex espionage software with Russian roots". We recommend that readers go through the paper, which gives a lot of information on the espionage tooling through a deep reverse-engineering dissection.
GDATA Paper on Uroburos

The Uroburos rootkit is composed of two files: a driver and an encrypted virtual file system. The Mac version of Uroburos, also known as Snake, Turla and Agent.BTZ, is a sophisticated malware framework employed in targeted attacks.


Analysis of Uroburos by GDATA


Rootkit Framework

Snake was discovered by researchers at the Netherlands-based cyber security firm FOX-IT. Experts state that this new variant, dubbed Snake, is a port of the Windows version and contains debug functionality. Kazuar is suspected to be a replacement for the second-stage backdoor Carbon, which is implanted in systems already compromised by Turla. Kazuar is a Microsoft .NET Framework-based Trojan that grants the actors complete access to the compromised systems targeted by its operator.
Post made by
newWorld

2 comments:

newworld said...

Thanks for your comment.
Keep watching our space.
We will try to bring more content here!!!

easylearn said...

Hi,
Best article, very useful and well explained. Your post is extremely incredible. Good job & thank you very much for the new information, I learned something new. Very well written. It was so good to read and useful for improving knowledge. Those who want to learn this information will find it most helpful. IT employees who want to learn this technology will always suggest you take python training in btm.
