+ malicious network driver

From ema
Revision as of 15:18, 14 October 2018 by Dbeck
EMA ID: ema-1029
Description: Malicious network drivers can be installed on several machines on a network via an exploited server with high uptime. Once the drivers are installed on the host machines, they can re-infect the server if it is restarted, can infect other machines on the network, and can redirect traffic on the network as they please.

These drivers can tunnel traffic from the outside into the network, allowing the attackers to access remote desktop sessions or to connect to servers inside the domain by using previously acquired credentials. Using the credentials, they can re-deploy the entire platform following a massive shutdown or power loss. The malware persists on machines connected to the network even after reboot. Once the machine connects to the server, the malware repopulates itself on the server. This, in turn, infects the remaining machines on the network.

The malware exploits a zero-day kernel-level vulnerability in Microsoft's Win32k TrueType-Font.
