HURRICANE PANDA
Status: Inactive since Fall 2015Other Names: Operation Umbrella Revolution, Operation Poisoned HurricaneActive Since/Discovered: 2013 Last Report: December 2015 Targets: Telecommunications and technology companies. Targets confidential data and intellectual property Target Sectors: internet services, engineering, and aerospace Malware: -RATs – Sakula Gh0st, plugx, Hikit, Mimikatz -Webshell RAT – Chopper webshell --Easily obfuscated 70 byte text file that consists of an ‘eval()’ command --Used to provide full command execution and file upload/download capabilities to the attackers. --Typically uploaded to a web server via a SQL injection or WebDAV vulnerability Preferred Attack Vector: zero-day vulnerabilities; a DNS resolution exploitation technique; unique toolkit; and a SQL injection vulnerabilities
















