[uanog] New virus attack
Volodymyr Litovka
doka.ua at gmail.com
Tue Jul 4 16:14:15 EEST 2017
On 7/4/17 2:53 PM, Mike Petrusha wrote:
> Но зачем вся эта шпионская история с коллекционированием ЄДРПОУ?
Each organization that does business in Ukraine has a unique legal
entity identifier called the EDRPOU number. This is extremely important
for the attackers: having the EDRPOU number, they could identify the
exact organization that is now using the backdoored M.E.Doc. Once such
an organization is identified, attackers could then use various tactics
against the computer network of the organization, depending on the
attackers’ goal(s). [ ... ] And, of course, the attackers added the
ability to control the infected machine.
--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.uanog.kiev.ua/pipermail/uanog/attachments/20170704/7fef1bba/attachment.html>
More information about the uanog
mailing list