
HawkEye is a commercial tool that has been in development for a few years now; it appeared in 2014 as a website called HawkEyeProducts and made a very famous contribution to the hacker community. On the website, the product shows great versatility, as it contains many types of RATs, features and functionality, such as the traditional HawkEye Logger or other types of remote administration tools like Cyborg Logger, CyberGate, DarkComet, NanoCore and more.

Looking into the “call home” traffic, the Keylogger functionality prepares files that act as a container for keyboard interrupts, collecting hostnames, application names, usernames and passwords. The file names contain a very informative string: HawkEye_Keylogger_Execution_Confirmed_ 6:08:31 PM

A well trained knight would never go to war with a blazing shield and yet a stick for a sword.
It means that whoever programmed the malware did not write all the code from scratch. Taking that into the equation, it seems that the threat actors are sending a “weak knight in a heavy armor” to war.
In addition, the files themselves were not programmed to make any kind of registry maneuvers that would hide them from Windows Explorer.

This type of work is known as a mitigation factor for threat actors to keep their code hidden from analysts’ eyes.

During our research, dynamic analysis showed that the malicious software’s “call home” functionality communicates over obvious channels and does not go the extra mile to hide its activity.
ASLR is also enabled, which might point to an open source RAT or even a commercial framework that packed the malicious software in a well written structure. The proprietary obfuscated strings, methods and classes made it rather challenging to analyze.

Looking at the chart, it is interesting to see the modus operandi, as the threat actor consistently strives to achieve a variety of samples, different code sizes and supposedly more complicated obfuscation. Along with these different sizes, activities and obfuscation, a serious encryption algorithm was also implemented in each one of them.

Not so long ago, Kaspersky clients in the United States approached Kaspersky researchers with a request to investigate a new type of malicious software that they were able to recover from their organizations’ servers. Our documentation points to a campaign that started somewhere in late February 2015 and ended in mid-March. Every sample we found was different in size and activity from the others, but the internal name and other identifiers were disturbingly similar. The malware calls itself Grabit and is distinctive because of its versatile behavior.

All of the dozens of samples we managed to collect were programmed for 32-bit Windows machines, over the Microsoft. Files were compiled over the course of three days, between March 7th and 9th of 2015. The timestamp seems valid and close to the documented infection timeline. As the development phase supposedly ended, the malware started spreading from India, the United States and Israel to other countries around the globe.

The following chart illustrates how the group or individual created the samples, the size of each sample, the time of day when each was compiled and the time lapses between each compilation. The smallest sample (0.52 MB) and the largest (1.57 MB) were both created on the same day, which could indicate experiments made by the group to test features, packers and “dead code” implementations.

GrabIt sells software-guided electroadhesive conveyor belts for urban warehouses. The company estimates that the apparel industry is a $200-$300 million market for robotics makers, but sees e-commerce as an even bigger opportunity.
Nike (NKE) has begun to implement GrabIt robots that utilize the cling of static electricity to produce sneakers in both Mexico and China. The robots, designed to stack fabric, can precisely stack and fuse the upper parts of a sneaker in 50-75 seconds, work that would take a human 10 minutes to complete. Within an 8-hour shift, a machine monitored by a single employee can produce between 300-600 pairs of shoes. GrabIt’s electroadhesion technology is so diverse, it can handle an egg, soft fabric or a 50lb. Shirt manufacturers are already lining up to purchase the GrabIt robots that can do collars and cuffs, scheduled to be released next year.

Howie Long-Short: While GrabIt remains a privately held company, Nike (NKE) is a minority investor, having participated in their Series A round 4 years ago.
