 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: Emdivi| Names | Emdivi Newsripper | |
| Category | Malware | |
| Type | Backdoor | |
| Description | (Kaspersky) The emdivi family stores important data about itself, including C2, API name, strings for anti-analysis, value of mutexes, as well as the md5 checksum of backdoor commands and the internal proxy information. They are stored in encrypted form, and are decrypted when necessary. Therefore, to analyze an emdivi sample in detail, we need to locate which hex codes are encrypted, and how to decrypt them. In the process of decryption, a unique decryption key is required for each sample. | |
| Information | <https://securelist.com/new-activity-of-the-blue-termite-apt/71876/> <https://blogs.jpcert.or.jp/en/2015/11/emdivi-and-the-rise-of-targeted-attacks-in-japan.html> <http://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-cyber-espionage-campaign/> <http://blog.trendmicro.com/trendlabs-security-intelligence/attackers-target-organizations-in-japan-transform-local-sites-into-cc-servers-for-emdivi-backdoor/> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.emdivi> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:emdivi> | |
Last change to this tool card: 13 May 2020
Download this tool card in JSON format
Previous: EMASTEAL
Next: Emissary
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Blue Termite, Cloudy Omega |  | 2013 | |||
 | Stone Panda, APT 10, menuPass | | 2006-Feb 2022 |  | |
2 groups listed (2 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |