research.checkpoint.com

Contents

1 Executive summary
1.1 Introduction
1.2 European Healthcare Institution Infection – How Did It Start?
1.2.1 The Infector (Symantec.exe + LDVPOCX.OCX)
1.2.2 The Backdoor (CUZ.exe/msexpert.exe + ZIPDLL.dll)
1.2.3 Evasions module (vivaldi.exe + vivaldi_elf.dll)
1.3 Upgraded toolset
1.4 HopperTick (USB launcher) analysis
1.5 WispRider (infector and backdoor) analysis
1.5.1 Malware Configuration
1.5.2 WispRider Execution flow
1.5.3 USB Infection
1.5.4 C&C Communication and backdoor capabilities
1.6 Post-exploitation tools: Disk Monitor
1.7 […]