Recent MNKit Exploit Activity Reveals Some Common Threads

Unit 42 recently identified a variant of MNKit-weaponized documents
being used to deliver LURK0 Gh0st, NetTraveler, and Saker payloads. The
documents were delivered to targets involved with universities, NGOs,
and political/human rights groups concerning Islam and South Asia. Reuse
of this MNKit variant, sender email addresses, email subject lines,
attachment filenames, command and control domains, XOR keys, and
targeted recipients shows a connection between the different payload
families delivered.

MNKit is the name given to a builder that generates CVE-2012-0158
exploit documents. The documents are in MHTML format and install a
malicious payload on the compromised host. We believe MNKit is privately
shared between multiple attack groups, but is not widely available.

  • Monday, 01 Aug 2016
  • By admin
