Moker
In October 2015, Israeli cyber-security firm Ensilo discovered a remote access Trojan (RAT), dubbed Moker Trojan, inside the sensitive network of a customer. A remote access Trojan (RAT) is not an APT. Malware is the tool that supports the APT campaign. However, Ensilo contends that the remote access Trojan is complex enough to suggest that it may be developed and deployed by an emerging APT group. The quality of the code is high. The code checks its return values, validates its pointers, handles its exceptions, and prevents buffer overflows. The malware also contains obfuscation measures to inhibit deconstruction and analysis attempts. Since the digital signatures of the malware did not register on Virus Total (a research tool for recognizing malware signatures), and because the malware itself contains features dissimilar to other campaigns, there is the possibility that the security firm either uncovered an undiscovered malware campaign or that they caught a threat as it emerged. Neither the identity of the developer of the malware nor the infection vectors are known. The malware targets the operating system of Microsoft Windows hosts. The single sample of the malware discovered communicated with a domain that corresponded to a HTTP server in Montenegro. Based on its efforts to communicate with the C2 infrastructure, Ensilo postulates that the server is owned by the attacker who hosts C2 infrastructure via a Virtual Private Server (VPS) or a static IP rather than a hacked domain or a shared hosting server.
SYSPREP











