Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//NOFORN
Pique Analysis Report
20150904-273-FireEye-Window into Russian Cyber Ops
Raytheon Blackbird Technologies, Inc. 04 September 2015
Use or disclosure of data contained on this sheet is subject to the restrictions on the title page of this document.
SECRET//NOFORN
The Bat! (Moldavian email client)
Becky! (Japanese email client)
No technical details are provided on how OldBait implements credential harvesting but we
suspect browser hooking.
(S//NF) Although this report is an interesting read on Russian malware activity, there is very
little technical detail provided on implementation and therefore no PoCs are recommended.
2.0 (U) Description of the Technique
(S//NF) Not applicable as no PoCs are recommended.
3.0 (U) Identification of Affected Applications
(S//NF) Windows, Windows-based browsers (IE and Firefox), and email clients (Eudora, The
Bat!, and Becky!).
4.0 (U) Related Techniques
(S//NF) Dropper, general RAT, and credential harvesting.
5.0 (U) Configurable Parameters
(U) Varied.
6.0 (U) Exploitation Method and Vectors
(S//NF) No exploitation methods were discussed. The attack vector mentioned is spear phishing.
7.0 (U) Caveats
(U) None.
8.0 (U) Risks
(S//NF) Not applicable as no PoCs are recommended.
9.0 (U) Recommendations
(S//NF) No PoCs are recommended.
