Threat Group Cards: A Threat Actor Encyclopedia

Tool: Asruex

Names: Asruex
Category: Malware
Type: Backdoor, Worm
Description: (Trend Micro) Since it first emerged in 2015, Asruex has been known for its backdoor capabilities and connection to the spyware DarkHotel. However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an infector particularly through the use of old vulnerabilities CVE-2012-0158 and CVE-2010-2883, which inject code in Word and PDF files respectively.

The use of old, patched vulnerabilities could hint that the variant was devised knowing that it can affect targets who have been using older versions of Adobe Reader (versions 9.x up to before 9.4) and Acrobat (versions 8.x up to before 8.2.5) on Windows and Mac OS X.
Information: <https://blog.trendmicro.com/trendlabs-security-intelligence/asruex-backdoor-variant-infects-word-documents-and-pdfs-through-old-ms-office-and-adobe-vulnerabilities/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.asruex>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:Asruex>

Last change to this tool card: 20 April 2020

All groups using tool Asruex

Changed | Name | Country | Observed

APT groups

X | DarkHotel | South Korea | 2007-May 2020

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
