Fidelis Threat Advisory #1014. Document Status: 1.0 Last Revised:
|
|
- Hilary Sherman
- 8 years ago
- Views:
Transcription
1 Fidelis Threat Advisry #1014 Bts, Machines, and the Matrix Dec 12, 2014 Dcument Status: 1.0 Last Revised: Executive Summary In the recent past, a Fidelis XPS user reprted seeing detectins f what appeared t be btnet-related malware. While that custmer was prtected, we at General Dynamics Fidelis Cybersecurity Slutins decided t take a clser lk. The analysis f the malicius cde revealed that it appeared t be Andrmeda but the delivery infrastructure lked interesting. Further telemetry frm ur sensrs shwed that this server in China was als hsting and distributing many ther malicius specimens. Analysis f the data revealed a pattern in the filenames. Our analysts used this pattern t discver ther systems distributed acrss the glbe serving up varius btnet malware, s far assumed t be used in distinct campaigns but clearly related in this case: - Andrmeda - Beta Bt - Neutrin Bt - NgrBt/DrkBt Analysis als shwed hw attackers cntinue t benefit frm the use f glbally-distributed hsting prviders t perfrm their malicius activities. Further, the analysis revealed hw attackers are hsting and distributing identical cpies f the malware frm servers in different cuntries including China, Pland, Russia, and the United States. Fr the perid f time researched in this activity, we bserved the fllwing targeted sectrs in the US: - Manufacturing / Bitechnlgy & Drugs - Prfessinal Services / Engineering - Infrmatin Technlgy / Telecmmunicatins - Gvernment / State Nte that ur ftprint is largely in the Enterprise space and it is pssible that we re seeing spillver frm wider campaigns. This dcument uncvers varius servers hsting Bts and ther related malware, prvides a triage analysis f varius pieces f malware hsted by these malicius servers, and prvides indicatrs that netwrk defenders can use t prtect their netwrks. Users are granted permissin t cpy and/r distribute this dcument in its riginal electrnic frm and print cpies fr persnal use. This dcument cannt be mdified r cnverted t any ther electrnic r machine-readable frm in whle r in part withut prir written apprval f Fidelis Security Systems, Inc. While we have dne ur best t ensure that the material fund in this dcument is accurate, Fidelis Security Systems, Inc. makes n guarantee that the infrmatin cntained herein is errr free. Cpyright 2014 General Dynamics Fidelis Cybersecurity Slutins Rev Threat Advisry #1014 Page 1 f 16 Bts, Machines, and the Matrix
2 Threat Overview The threat activity bserved in the past weeks against varius targets in ur custmer base has shwn patterns that allwed us t discver multiple servers hsting and distributing malicius sftware (Bts). As it is knwn by the netwrk defenders and the security cmmunity, it is imprtant t defend against these attacks since systems infected with these malicius specimens culd be used fr credential theft, Distributed Denial f Service Attacks, spreading malware, lateral prpagatin, etc. This is f great cncern as the first stage attack cntinues t bypass netwrk security defenses infecting user s cmputers that beacn t malicius servers t dwnlad r create the secnd stage malware int the victim systems. Sme f the main Bt types f malware detected thrugh this research include: - Andrmeda Andrmeda is a mdular bt that dwnlads mdules and updates frm its cmmand and cntrl (C&C) server during executin. The malware has bth anti-vm and anti-reversing features. Its cde is bfuscated t make it mre difficult fr malware reverse engineers t analyze and antivirus tls t detect. Andrmeda bt features include: self-prpagatin, injectin int trusted prcesses t hide itself, netwrk traffic encryptin, dwnlad and installatin f files/malware, frm grabber, keylgger, ring3 rtkit, prxy, etc. Features like frm grabber, rtkit, and prxy are delivered t the malware in the frm f mdules that are then laded int the victim system after the malware makes a cnnectin with its C&C. It appears that in 2012, sme f the mdules were sld fr $500 (frm grabber), $300 (Ring3 rtkit), and $200 (keylgger). - DrkBt/NgrBt DrkBt is a mdified IRCBt that is very similar in features t NgrBt. DrkBt has a lader and a mdule. The bt includes the fllwing features: prcess injectin, hard drive wiping, etc. Different frm NgrBt, DrkBt uses mdified IRC cmmands. Sme f the cmmands supprted include:!die,!dl,!http.inj,!lgins,!rc,!speed,!ssyn,!stp,!up, and!udp. NgrBt can als be remtely cntrlled via Internet-Relay-Chat (IRC) prtcl. It has capabilities t jin different IRC channels t perfrm varius attacks accrding t the IRC-based cmmands frm the C&C server. Its cde is bfuscated t make it mre difficult fr malware reverse engineers t analyze and antivirus tls t detect. NgrBt features include: self-prpagatin (e.g. thrugh USB remvable drives, scial netwrking sites, and messaging clients), prcess injectin, hard drive wiping, blcking access t multiple antivirus/security vendr websites, denial f service attacks, credentials stealing (usernames and passwrds), dwnlad and execute file, etc. Sme f the cmmands supprted are: ~pu, ~dw, ~http.inj, ~lgins, ~rc, ~speed, ~ssyn, ~stp, and ~udp. - Beta Bt It is said that Beta bt started ut as an HTTP bt. The Bt is als knwn by sme security vendrs as Trjan.Neurevt. Its cde is bfuscated t make it mre difficult fr malware reverse engineers t analyze and antivirus tls t detect. Beta bt features include: anti-vm and anti-reversing, self-prpagatin, rtkit, prcess injectin, blcking access t multiple antivirus/security vendr websites, AV-disabling, frm grabbing, dwnlad and executin f files, terminatin f cmpeting malware cmmunicatins by terminating their prcesses r blcking their cde injectins, and denial f service. It appears that Threat Advisry #1014 Page 2 f 16 Bts, Machines, and the Matrix
3 in May 2013, the pre-built bt culd be purchase fr $320-$500, and $20 fr variant rebuilds fr thse requiring cnfiguratin changes. Accrding t nline research, Beta Bt sales are being handled by Lrd Hurn, althugh betamnkey appears t be the authr. The fllwing image was fund during nline research: - Neutrin The Neutrin bt was advertised as an HTTP stress-testing tl. It has sme f the fllwing features: anti-vm and anti-reversing/debugging, denial f service (HTTP/TCP/UDP fld), keylgger, cmmand shell, credential stealing, self-spreading, etc. It appears at sme pint the bt was sld fr $550 (Builder), $200 (Full set including Bt and Admin Panel), and $20 (Update). Online research revealed the fllwing cntact infrmatin fr this bt: n3utrin@kaddafi[.]me / n3utrin@xmpp[.]jp / n3utrin.blg[.]cm. The fllwing images were fund during nline research: Threat Advisry #1014 Page 3 f 16 Bts, Machines, and the Matrix
4 The fllwing table prvides infrmatin abut sme f the servers hsting and distributing malware and sme f the filename patterns discvered: Last Observed IP Lcatin Filename Pattern December [.]7 China and[2_digits][single character][2_digits].exe bet[2_digits][single character][2_digits].exe nut[2_digits][single character][2_digits].exe December [.]45 Pland bet[2_digits][single character][2_digits].exe bnew[2_digits][single character][2_digits].exe nut[2_digits][single character][2_digits].exe [3_digits][single character][1_digit].exe [2_digits][single character][1_digit].exe December [.]62 US (Amazn) and[2_digits][single character][2_digits].exe bet[2_digits][single character][2_digits].exe bnew[2_digits][single character][2_digits].exe dq[2_digits][single character][2_digits].exe dqnew[2_digits][single character][2_digits].exe nut[2_digits][single character][2_digits].exe Nvember [.]47 China and[2_digits][single character][2_digits].exe and[single character][1_digit].exe bet[2_digits][single character][2_digits].exe bet[1_r_2_digits].exe bet[single character][1_digit].exe nut[2_digits][single character][2_digits].exe Nvember [.]184 China and[2_digits][single character][2_digits].exe and[2_digits].exe and[2_digits][single character].exe bet[2_digits][single character][2_digits].exe bet[2_digits].exe ng[2_digits].exe nut[2_digits][single character][2_digits].exe nut[2_digits].exe nut[2_digits][single character].exe zpm[2_digits][single character].exe Nvember [.]44 Pland 3307[2_digits][single character][2_digits].exe and[2_digits][single character][2_digits].exe bet[2_digits][single character][2_digits].exe bnew[2_digits][single character][2_digits].exe Threat Advisry #1014 Page 4 f 16 Bts, Machines, and the Matrix
5 Nvember [.]73 US (Amazn) Nvember [.]154 US (Amazn) Nvember [.]62 US (Amazn) and[2_digits][single character][2_digits].exe bet[2_digits][single character][2_digits].exe bnew[2_digits][single character][2_digits].exe nut[2_digits][single character][2_digits].exe and[2_digits][single character][2_digits].exe bet[2_digits][single character][2_digits].exe nut[2_digits][single character][2_digits].exe 3307[2_digits][single character][2_digits].exe and[2_digits][single character][2_digits].exe bet[2_digits][single character][2_digits].exe bnew[2_digits][single character][2_digits].exe Octber [.]44 China and[2_digits][single character][2_digits].exe and[2_digits].exe bet[2_digits][single character].exe bet[2_digits].exe nut[2_digits].exe Octber [.]241 Russia and[2_digits].exe ng[2_digits]exe nut[2_digits][single character][2_digits].exe nut[2_digits].exe Octber [.]124 US (Amazn) bnew[2_digits].exe ng[2_digits].exe nut[2_digits].exe zpm[2_digits].exe The fllwing table prvides infrmatin abut the relatinship between the malicius servers, detectin names by antivirus tls, and vertical market affected (based n unique hashes and detectins): IP Lcatin Generic AV detectin Vertical Market/Specializatin [.]7 China Wrm.Win32.Ngrbt Prfessinal Services/Engineering Wrm.Win32.Drkbt Threat Advisry #1014 Page 5 f 16 Bts, Machines, and the Matrix
6 Backdr.Win32.Ruskill Trjan.Win32.Yakes Trjan.Win32.Munchies [.]45 Pland Backdr.Win32.Andrm Trjan.Win32.Lethic Trjan.Win32.Inject Trjan.Win32.Munchies Trjan.Win32.Yakes [.]62 US (Amazn) Backdr.Win32.Andrm Wrm.Win32.Ngrbt Wrm.Win32.Drkbt Backdr.Win32.Ruskill Trjan.Win32.Lethic Trjan.Win32.Yakes Trjan.Win32.Munchies [.]47 China Backdr.Win32.Andrm Trjan.Win32.Betabt Wrm.Win32.Drkbt Backdr.Win32.Ruskill Trjan.Win32.Neurevt Wrm.Win32.Ngrbt Trjan- Spy.Win32.SpyEyes Trjan- Spy.Win32.Zbt Backdr.Win32.Azbreg Trjan.Win32.Badur Trjan.Win32.Inject Trjan.Win32.Sharik Trjan.Win32.Yakes Trjan- Dwnlader.Win32.Agent Trjan- Drpper.Win32.Injectr [.]184 China Backdr.Win32.Andrm Wrm.Win32.Ngrbt Backdr.Win32.Ruskill Trjan.Win32.Badur Trjan.Win32.Inject Trjan.Win32.Yakes Trjan.Win32.Sysn Manufacturing/Healthcare Manufacturing/Healthcare/Gvernment [.]44 Pland Backdr.Win32.Andrm Wrm.Win32.Ngrbt Trjan.Win32.Badur Trjan.Win32.Yakes [.]73 US (Amazn) Backdr.Win32.Andrm Trjan.Prxy.Win32.Lethic Wrm.Win32.Ngrbt Gvernment Threat Advisry #1014 Page 6 f 16 Bts, Machines, and the Matrix
7 Trjan.Win32.Badur Trjan.Win32.Inject [.]154 US (Amazn) Backdr.Win32.Andrm Backdr.Win32.Ruskill Trjan.Win32.Yakes [.]44 China Backdr.Win32.Andrm Wrm.Win32.Ngrbt Backdr.Win32.Ruskill Trjan.Win32.Badur Trjan.Win32.Yakes [.]241 Russia Backdr.Win32.Andrm Wrm.Win32.Ngrbt Trjan.Win32.Badur Trjan.Win32.Yakes Gvernment [.]124 US (Amazn) Backdr.Win32.Andrm Wrm.Win32.Ngrbt Trjan.Win32.Badur Wrm.Win32.Hamweq Trjan.Win32.Sysn Risk Assessment A bt malware has features like anti-reversing, credential stealing/keystrke lgging/frm grabbing, DNS changer, prcess injectin, antivirus prcess killing, blcking f security related websites, backdr, and thers. They als have features t spread themselves thrugh USB remvable drives, scial netwrking sites, and messaging clients. In additin, they culd als infiltrate the netwrk when the victim user visits a website hsting a brwser explit. Once the attacker gains cntrl, the infected system culd be used t launch Distributed Denial f Service attacks, spread the bt t ther victims, dwnlad mre advanced malware t perfrm lateral prpagatin, etc. The attackers (Bt Masters/Herders) culd als rent their btnets t ther cybercriminals. Indicatrs and Mitigatin Strategies This sectin presents infrmatin abut sme f the servers we have bserved hsting and distributing malware, filename patterns, as well as a triage analysis f varius pieces f malware bserved delivered by these servers - Servers bserved hsting and distributing malware: [.] [.] [.] [.] [.] [.] [.] [.] [.] [.] [.] [.]62 Threat Advisry #1014 Page 7 f 16 Bts, Machines, and the Matrix
8 [.]128 - Sme f the filename patterns bserved: [.]7/and40a70.exe [.]7/bet40a71.exe [.]7/ng40a71.exe [.]45/37a1.exe [.]62/330740a71.exe [.]62/bnew40a71.exe [.]45/109a7.exe [.]45/51a5.exe [.]45/62.exe [.]184/ng33.exe [.]184/zpm39a.exe [.]45/141a1.exe [.]112/98.exe [.]124/zpm37.exe [.]62/bnew40a85.exe [.]7/nut40a71.exe [.]62/dqnew40a81.exe [.]44/and33.exe [.]112/330740x.exe [.]128/37extra.exe [.]241/ng38a.exe - Triage analysis f varius pieces f malware bserved delivered by servers mentined in this reprt: (Please nte that the activity in this sectin has been recrded per initial file infectin and nt individually per file dwnladed and executed by the initial malware under investigatin) Andrmeda MD5: 036eb11a5751c77bc c8e5 This file was bserved hsted in the fllwing servers: [.]44/and37.exe (China) [.]184/and37.exe (China) [.]73/and37.exe (US) File infrmatin: File Name: and37.exe File Size: bytes MD5: 036eb11a5751c77bc c8e5 SHA1: c6966d9557a9d5ffbbcd7866d45eddff30a9fd99 PE Time: 0x5431A1E4 [Sun Oct 05 19:54: UTC] PEID Sig: Micrsft Visual C++ 8 Sectins (4): Name Entrpy MD5.text d9ac5c3c1853a62535bb42fe25.rdata e0faee1b5962f3b0e7ef0cd07b07d90.data d36a05bbbfdab643e78f1b1dad4.rsrc da4653b7fcb4ee a2ed The malware appears t implement anti-reversing techniques preventing its executing inside a virtual machine envirnment (VME). This malware is believed t be a variant frm the Andrmeda Bt malware family. When the file was executed in a Windws 7 system, the fllwing activity was bserved: Dmain: Reslved IP: POST request: GET request: File dwnladed: Full path and name: Prcess injectin: a2kiaymster14902[.]cm [.]248 (China) /bla02/gate.php [.]62/and40a90.exe (US) b62391f3f7cbdea f60f3930f (msitygyd.exe) C:\PrgramData\msitygyd.exe C:\Windws\SysWOW64\msiexec.exe Threat Advisry #1014 Page 8 f 16 Bts, Machines, and the Matrix
9 Beta Bt MD5: 9e8b203f487dfa85dd47e32b3d24e24e This file was bserved hsted in the fllwing servers: /betw9.exe (China) /bet4.exe (US) File infrmatin: File Name: betw9.exe File Size: bytes MD5: 9e8b203f487dfa85dd47e32b3d24e24e SHA1: de6a4d53b5265f8cddf08271d17d845f58107e82 PE Time: 0x B [Sat Sep 13 19:21: UTC] PEID Sig: Micrsft Visual C++ 8 Sectins (4): Name Entrpy MD5.text e347b4bb29e39a97c5803db1ee53321.rdata d4fc093dc013fa7d86bee7b85c0f9.data daa66602eb4a3aa8effd3a287efbf7.rsrc 6.1 9b2a41b9bc48ccff04effe10bb0fb839.rsrc da4653b7fcb4ee a2ed The malware did nt appear t implement anti-reversing techniques and prperly executed inside a VME. This malware is believed t be a variant frm the Beta Bt malware family. When the file was executed in a Windws XP system, the fllwing activity was bserved: Dmain: Reslved IP: POST request: GET request: File dwnladed: Full path and name: GET request: File dwnladed: Full path and name: Made a cpy itself t: Hash f file cpy: b.9thegamejuststarted14k9[.]cm [.]74 (China) /direct/mail/rder.php?id= [.]184/ng40a54.exe (China) fe8c978f05f3a83af7c8905f94f71213 (mxbrwtqjjvk.exe) %TEMP%\mxbrwtqjjvk.exe [.]184/and40a54.exe (China) b4d6c0e3bc2ecda983161f (cmqgvyqtpkh.exe) %TEMP%\cmqgvyqtpkh.exe %CmmnPrgramFiles%\CreativeAudi\ldhkkangs.exe 9e8b203f487dfa85dd47e32b3d24e24e Registry entrenchment: Key: Value Name: Value Data: Key: Value Name: Value Data: HKEY_LOCAL_MACHINE\SOFTWARE\Micrsft\Windws\CurrentVersin\Run CreativeAudi C:\Prgram Files\Cmmn Files\CreativeAudi\ldhkkangs.exe HKEY_CURRENT_USER\Sftware\Micrsft\Windws\CurrentVersin\Run CreativeAudi C:\Prgram Files\Cmmn Files\CreativeAudi\ldhkkangs.exe Threat Advisry #1014 Page 9 f 16 Bts, Machines, and the Matrix
10 Prcess Injectin: C:\Prgram Files\Internet Explrer\iexplre.exe Screensht f the registry activity: Screensht shwing a handle f the malware in the iexplrer.exe prcess: Neutrin Bt MD5: 463f d0391add327c1270d7fe6 This file was bserved hsted in the fllwing servers: [.]184/nut40a52.exe (China) [.]45/nut40a52.exe (Pland) File infrmatin: File Name: nut40a52.exe File Size: bytes MD5: 463f d0391add327c1270d7fe6 SHA1: a87c5b6a588ef4b351ce1a3a0fe2b035e685e96c PE Time: 0x546D0881 [Wed Nv 19 21:15: UTC] PEID Sig: Micrsft Visual C++ 8 Sectins (4): Name Entrpy MD5.text fe50af0b54ed ea6b9e7178b.rdata ff7c660e83eeff9a7db4abf0ceab04.data 5.74 e19f755461a bd1e8e rsrc dac81db1ae19c69e8a2b7e5311 The malware appears t implement anti-reversing techniques preventing it frm prperly executing inside a VME. In a bare-metal system, the malware wrked prperly. This malware is believed t be a variant frm the Neutrin Bt malware family. When the file was executed in a Windws 7 system, the fllwing activity was bserved: Dmain: Reslved IP: POST request: Data: nutqlfkq123a10[.]cm [.]140 (China) /newfiz3/tasks.php ping=1 Threat Advisry #1014 Page 10 f 16 Bts, Machines, and the Matrix
11 Server respnse: png POST request: /newfiz3/tasks.php Data: getcmd=1&uid=[remved]&s=win+7+enterprise+(x64) &av=symantec+endpint+prtectin&nat=yes&versin=3.2.1 &serial=[remved]&quality=0 POST request: /newfiz3/tasks.php Data: taskexec=1&task_id= GET request: File dwnladed: Full name: Made a cpy itself t: Hash f file cpied: Created file: File hash: Created file: File hash: Created file: File hash: Created file: File hash: [.]62/330740a91.exe b21e4c8f73151d7b0294a3974fe a91.exe %APPDATA%\Raming\WIN-S0MT3UJUS2O\splww64.exe 463f d0391add327c1270d7fe6 C:\PrgramData\bett2f00\hemxccape.exe 9cf7d079713fdf715131e16b144d3f52 C:\PrgramData\msitygyd.exe 2983d957d4cdd cfaf21147d07 %TEMP%\ exe 72380a9fcf7486bb731606d4f4c13f27 %TEMP%\ exe f220f0a48885bafc29b31fb7228cc4bb USB drive infectin: Created file: Full path and name: File cntents: Created file: Full path and name: Nte: c1fa3e4ee1e2e5b088bc657b0b5a3b8e [USB_DRIVE]\autrun.inf [autrun] OPEN=WinSystemKB001.exe actin=run 463f d0391add327c1270d7fe6 [USB_DRIVE]\WinSystemKB001.exe This is a cpy f riginal file executed. Registry entrenchment: Key: Value Name: Value Data: Key: Value Name: Value Data: HKCU\Sftware\Micrsft\Windws\CurrentVersin\Run A C:\PrgramData\bett2f00\hemxccape.exe HKCU\Sftware\Micrsft\Windws\CurrentVersin\Run splww64.exe %APPDATA%\Raming\WIN-S0MT3UJUS2O\splww64.exe Key: HKLM\SOFTWARE\Micrsft\Windws\CurrentVersin\Plicies\Explrer\Run Value Name: Threat Advisry #1014 Page 11 f 16 Bts, Machines, and the Matrix
12 Value Data: Prcess Injectin: C:\PrgramData\msitygyd.exe C:\Windws\SysWOW64\WerFault.exe Screensht shwing a handle f the malware in the WerFault.exe prcess: Screensht f related prcesses running in the victim system: Andrmeda Bt MD5: 13475d0fdba8dc7a648b57b10e8296d5 This file was bserved hsted in the fllwing servers: [.]47/and40a37.exe (China) [.]73/and40a37.exe (US) File infrmatin: File Name: and40a37.exe File Size: bytes MD5: 13475d0fdba8dc7a648b57b10e8296d5 SHA1: feed5337c0a3b1fd55c78a976fbd a22e1 PE Time: 0x54636BD2 [Wed Nv 12 14:16: UTC] PEID Sig: Micrsft Visual C++ 8 Sectins (4): Name Entrpy MD5.text 6.42 c93f36300bb882b4671b7ef0a8bd4fba.rdata af9f1d8e50e49fdf Threat Advisry #1014 Page 12 f 16 Bts, Machines, and the Matrix
13 .data b24669aa9245cef2358a9d76dab97be.rsrc f0f11c aa0e65f04b95ed208 The malware appears t implement anti-reversing techniques preventing it frm prperly executing inside a VME. In a bare-metal system, the malware wrked prperly. This malware is believed t be a variant frm the Andrmeda Bt malware family. When the file was executed in a Windws 7 system, the fllwing activity was bserved: Dmain: Reslved IP: POST request: Made a cpy itself t: Hash f file cpied: a2kiaymster14902[.]cm [.]248 (China) /bla02/gate.php C:\PrgramData\msitygyd.exe 13475d0fdba8dc7a648b57b10e8296d5 Registry entrenchment: Key: HKLM\SOFTWARE\Micrsft\Windws\CurrentVersin\Plicies\Explrer\Run\ Value name: Value data: C:\PrgramData\msitygyd.exe Key: HKEY_LOCAL_MACHINE\SOFTWARE\Ww6432Nde\Micrsft\Windws\ CurrentVersin\Plicies\Explrer\Run Value name: Value data: C:\PrgramData\msitygyd.exe Prcess Injectin: C:\Windws\SysWOW64\msiexec.exe The malware appears t have rtkit functinality. The hidden WinDefend service pints t the fllwing DLL: C:\Prgram Files (x86)\windws Defender\mpsvc.dll. The system was fund t have a valid mpsvc.dll file under the C:\Prgram Files\Windws Defender\ directry. The fllwing screensht shw GMER detecting the hidden service: The fllwing is a summary f all the dmains and IPs bserved during the analysis f the selected malware: a2kiaymster14902[.]cm [.]248 (China) Threat Advisry #1014 Page 13 f 16 Bts, Machines, and the Matrix
14 [.]62/and40a90.exe (US) b.9thegamejuststarted14k9[.]cm [.]74 (China) [.]184/ng40a54.exe / [.]184/and40a54.exe (China) nutqlfkq123a10[.]cm [.]140 (China) Fr infrmatin abut hashes related t this activity, please lk at the spreadsheet enclsed with this reprt which cntains relatinships between servers and hashes. Further Analysis And Crrelatin The fllwing diagram illustrates the relatinship between sme f the malicius servers, malware hsted/distributed, and vertical markets: Threat Advisry #1014 Page 14 f 16 Bts, Machines, and the Matrix
15 The fllwing diagram is based n the analysis/executin f sme f the malware hsted and distributed by the malicius servers. It illustrates the relatinship between sme f the malicius servers, lcatins, malware hsted/distributed, and malicius servers t which the malware beacns t with POST requests and t dwnlad additinal malware: The Fidelis Take This paper highlights campaigns that has cmprmised systems at significant enterprises wrldwide, utilizing varius bt malware. We are publishing these indicatrs s thers in the security research cmmunity can mnitr fr this activity and ptentially crrelate against ther campaigns and tls that are being investigated. General Dynamics Fidelis advanced threat defense prduct, Fidelis XPS, detects all f the activity dcumented in this paper. Further, we will cntinue t fllw this specific activity and actively mnitr the ever-evlving threat landscape fr the latest threats t ur custmers security. Threat Advisry #1014 Page 15 f 16 Bts, Machines, and the Matrix
16 References 1. Neutrin Bt (aka MS:Win32/Kasidet), June 2014: Renting a Zmbie Farm: Btnets and the Hacker Ecnmy, August 2014: 3. DrkBt, a Twin Btnet f NgrBt, August 2014: 4. Big Bx LatAm Hack (1st part - Betabt), January 2014: 5. A Gd Lk at the Andrmeda Btnet, April 2014: 6. CVE and Andrmeda A Massive HSBC themed campaign, June 2014: 7. Beta Bt A Cde Review, Nvember 2013: 8. Athena, A DDS Malware Odyssey, Nv 2013: 9. Andrmeda Btnet Gets an Update, July 2013: New Cmmercial Trjan #INTH3WILD: Meet Beta Bt, May 2013: A new bt n the market: Beta Bt, May 2013: Andrmeda Btnet Resurfaces, March 2013: Fled by Andrmeda, March 2013: Btnets Die Hard - Owned and Operated Defcn 20: July 2012: Enbdy-Btnets-Die-Hard.PDF.pdf 15. A Chat With NGR Bt, June 2012: Analysis f ngrbt, August 2011: Threat Advisry #1014 Page 16 f 16 Bts, Machines, and the Matrix
MaaS360 Cloud Extender
MaaS360 Clud Extender Installatin Guide Cpyright 2012 Fiberlink Cmmunicatins Crpratin. All rights reserved. Infrmatin in this dcument is subject t change withut ntice. The sftware described in this dcument
More informationCustomers FAQs for Webroot SecureAnywhere Identity Shield
Custmers FAQs fr Webrt SecureAnywhere Identity Shield Table f Cntents General Questins...2 Why is the bank ffering Webrt SecureAnywhere sftware?... 2 What des it prtect?... 2 Wh is Webrt?... 2 Is Webrt
More informationCOURSE DETAILS. Introduction to Ethical Hacking. FootPrinting. What is Hacking. Who is a Hacker. Skills of a Hacker.
COURSE DETAILS Intrductin t Ethical Hacking What is Hacking Wh is a Hacker Skills f a Hacker Types f Hackers Reasns fr Hacking Wh are at the risk f Hacking attacks Effects f Cmputer Hacking n an rganizatin
More informationACTIVITY MONITOR Real Time Monitor Employee Activity Monitor
ACTIVITY MONITOR Real Time Mnitr Emplyee Activity Mnitr This pwerful tl allws yu t track any LAN, giving yu the mst detailed infrmatin n what, hw and when yur netwrk users perfrmed. Whether it is a library
More informationInstallation Guide Marshal Reporting Console
INSTALLATION GUIDE Marshal Reprting Cnsle Installatin Guide Marshal Reprting Cnsle March, 2009 Cntents Intrductin 2 Supprted Installatin Types 2 Hardware Prerequisites 3 Sftware Prerequisites 3 Installatin
More informationFAQs for Webroot SecureAnywhere Identity Shield
FAQs fr Webrt SecureAnywhere Identity Shield Table f Cntents General Questins...2 Why is the bank ffering Webrt SecureAnywhere Identity Shield?... 2 What des it prtect?... 2 Wh is Webrt?... 2 Is the Webrt
More informationGETTING STARTED With the Control Panel Table of Contents
With the Cntrl Panel Table f Cntents Cntrl Panel Desktp... 2 Left Menu... 3 Infrmatin... 3 Plan Change... 3 Dmains... 3 Statistics... 4 Ttal Traffic... 4 Disk Quta... 4 Quick Access Desktp... 4 MAIN...
More informationFirewall/Proxy Server Settings to Access Hosted Environment. For Access Control Method (also known as access lists and usually used on routers)
Firewall/Prxy Server Settings t Access Hsted Envirnment Client firewall settings in mst cases depend n whether the firewall slutin uses a Stateful Inspectin prcess r ne that is cmmnly referred t as an
More informationDeployment Overview (Installation):
Cntents Deplyment Overview (Installatin):... 2 Installing Minr Updates:... 2 Dwnlading the installatin and latest update files:... 2 Installing the sftware:... 3 Uninstalling the sftware:... 3 Lgging int
More informationACTIVITY MONITOR. Live view of remote desktops. You may easily have a look at any user s desktop.
Web Develpment Offshre Develpment Outsurcing SEO ACTIVITY MONITOR This pwerful tl allws yu t track any LAN, giving yu the mst detailed infrmatin n what, hw and when yur netwrk users perfrmed. Whether it
More informationUniversity of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments
University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department
More informationConfiguring and Monitoring AS400 Servers. eg Enterprise v5.6
Cnfiguring and Mnitring AS400 Servers eg Enterprise v5.6 Restricted Rights Legend The infrmatin cntained in this dcument is cnfidential and subject t change withut ntice. N part f this dcument may be reprduced
More informationIn addition to assisting with the disaster planning process, it is hoped this document will also::
First Step f a Disaster Recver Analysis: Knwing What Yu Have and Hw t Get t it Ntes abut using this dcument: This free tl is ffered as a guide and starting pint. It is des nt cver all pssible business
More informationCorporate Account Takeover & Information Security Awareness
Crprate Accunt Takever & Infrmatin Security Awareness What is Crprate Accunt Takever? A fast grwing electrnic crime where thieves typically use sme frm f malware t btain lgin credentials t Crprate Online
More informationSTIOffice Integration Installation, FAQ and Troubleshooting
STIOffice Integratin Installatin, FAQ and Trubleshting Installatin Steps G t the wrkstatin/server n which yu have the STIDistrict Net applicatin installed. On the STI Supprt page at http://supprt.sti-k12.cm/,
More informationMerchant Processes and Procedures
Merchant Prcesses and Prcedures Table f Cntents EXHIBIT C 1. MERCHANT INTRODUCTION TO T-CHEK 3 1.1 Wh is T-Chek Systems? 3 1.2 Hw t Cntact T-Chek Systems 3 1.3 Hw t Recgnize T-Chek Frms f Payment 3 1.3.1
More informationCallRex 4.2 Installation Guide
CallRex 4.2 Installatin Guide This dcument describes hw t install CallRex 4.2. It cvers the fllwing: CallRex 4.2 Cmpnents. Server Prerequisites. Perfrming the Installatin. Changing the Accunt Used by CallRex
More informationE-Biz Web Hosting Control Panel
1 f 38 E-Biz Web Hsting Cntrl Panel This dcument has been created t give yu a useful insight in t the Hsting Cntrl Panel available with E-Biz hsting services. Please nte: Optins available are dependent
More informationVCU Payment Card Policy
VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this
More informationHelpdesk Support Tickets & Knowledgebase
Helpdesk Supprt Tickets & Knwledgebase User Guide Versin 1.0 Website: http://www.mag-extensin.cm Supprt: http://www.mag-extensin.cm/supprt Please read this user guide carefully, it will help yu eliminate
More informationWatchDox for Windows User Guide
WatchDx fr Windws User Guide Versin 3.9.7 Cnfidentiality This dcument cntains cnfidential material that is prprietary WatchDx. The infrmatin and ideas herein may nt be disclsed t any unauthrized individuals
More informationInstallation Guide Marshal Reporting Console
Installatin Guide Installatin Guide Marshal Reprting Cnsle Cntents Intrductin 2 Supprted Installatin Types 2 Hardware Prerequisites 2 Sftware Prerequisites 3 Installatin Prcedures 3 Appendix: Enabling
More informationWireless Light-Level Monitoring
Wireless Light-Level Mnitring ILT1000 ILT1000 Applicatin Nte Wireless Light-Level Mnitring 1 Wireless Light-Level Mnitring ILT1000 The affrdability, accessibility, and ease f use f wireless technlgy cmbined
More informationEndpoint Protection Solution Test Plan
Endpint Prtectin Slutin Test Plan This test plan is intended t lay ut high-level guidelines fr testing and cmparing varius endpint prtectin and investigatin slutins. It specifies test envirnments, cnnectivity
More informationCopyright 2013, SafeNet, Inc. All rights reserved. http://www.safenet-inc.com/ We have attempted to make these documents complete, accurate, and
ii Cpyright 2013, SafeNet, Inc. All rights reserved. http://www.safenet-inc.cm/ We have attempted t make these dcuments cmplete, accurate, and useful, but we cannt guarantee them t be perfect. When we
More informationInformation Services Hosting Arrangements
Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based
More informationPassword Reset for Remote Users
1 Passwrd Reset fr Remte Users Curin prvides a cmpnent fr the PasswrdCurier Passwrd Prvisining System that manages the lcal passwrd cache in cnjunctin with self-service passwrd reset activities. The slutin
More informationStarterPak: Dynamics CRM On-Premise to Dynamics Online Migration - Option 2. Version 1.0
StarterPak: Dynamics CRM On-Premise t Dynamics Online Migratin - Optin 2 Versin 1.0 1/7/2016 Imprtant Ntice N part f this publicatin may be reprduced, stred in a retrieval system, r transmitted in any
More informationService Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S
Service Level Agreement (SLA) Hsted Prducts Netp Business Slutins A/S Cntents 1 Service Level Agreement... 3 2 Supprt Services... 3 3 Incident Management... 3 3.1 Requesting service r submitting incidents...
More informationReadme File. Purpose. Introduction to Data Integration Management. Oracle s Hyperion Data Integration Management Release 9.2.
Oracle s Hyperin Data Integratin Management Release 9.2.1 Readme Readme File This file cntains the fllwing sectins: Purpse... 1 Intrductin t Data Integratin Management... 1 Data Integratin Management Adapters...
More informationServ-U Distributed Architecture Guide
Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v14.0.1.0 Page 1 f 16 Intrductin Serv-U
More informationClick Studios. Passwordstate. RSA SecurID Configuration
Passwrdstate RSA SecurID Cnfiguratin This dcument and the infrmatin cntrlled therein is the prperty f Click Studis. It must nt be reprduced in whle/part, r therwise disclsed, withut prir cnsent in writing
More informationTen Steps for an Easy Install of the eg Enterprise Suite
Ten Steps fr an Easy Install f the eg Enterprise Suite (Acquire, Evaluate, and be mre Efficient!) Step 1: Dwnlad the eg Sftware; verify hardware and perating system pre-requisites Step 2: Obtain a valid
More informationExercise 5 Server Configuration, Web and FTP Instructions and preparatory questions Administration of Computer Systems, Fall 2008
Exercise 5 Server Cnfiguratin, Web and FTP Instructins and preparatry questins Administratin f Cmputer Systems, Fall 2008 This dcument is available nline at: http://www.hh.se/te2003 Exercise 5 Server Cnfiguratin,
More informationSMART Active Directory Migrator 9.0.2. Requirements
SMART Active Directry Migratr 9.0.2 January 2016 Table f Cntents... 3 SMART Active Directry Migratr Basic Installatin... 3 Wrkstatin and Member Server System... 5 Netwrking... 5 SSL Certificate... 6 Service
More informationCSC IT practix Recommendations
CSC IT practix Recmmendatins CSC Healthcare 28th January 2014 Versin 3 www.csc.cm/glbalhealthcare Cntents 1 Imprtant infrmatin 3 2 IT Specificatins 4 2.1 Wrkstatins... 4 2.2 Minimum Server with 1-5 wrkstatins
More informationInstant Chime for IBM Sametime Quick Start Guide
Instant Chime fr IBM Sametime Quick Start Guide Fall 2014 Cpyright 2014 Instant Technlgies. All rights reserved. Cpyright and Disclaimer This dcument, as well as the sftware described in it, is furnished
More informationMcAfee Enterprise Security Manager. Data Source Configuration Guide. Infoblox NIOS. Data Source: September 2, 2014. Infoblox NIOS Page 1 of 8
McAfee Enterprise Security Manager Data Surce Cnfiguratin Guide Data Surce: Infblx NIOS September 2, 2014 Infblx NIOS Page 1 f 8 Imprtant Nte: The infrmatin cntained in this dcument is cnfidential and
More informationX7500 Series, X4500 Scanner Series MFPs: LDAP Address Book and Authentication Configuration and Basic Troubleshooting Tips
X7500 Series, X4500 Scanner Series MFPs: LDAP Address Bk and Authenticatin Cnfiguratin and Basic Trubleshting Tips Lexmark Internatinal 1 Prerequisite Infrm atin In rder t cnfigure a Lexmark MFP fr LDAP
More informationSANsymphony-V Storage Virtualization Software Installation and Getting Started Guide. February 5, 2015 www.datacore.com
SANsymphny-V Strage Virtualizatin Sftware Installatin and Getting Started Guide February 5, 2015 www.datacre.cm This dcument is the prperty f DataCre Sftware. It is intended slely as an aid fr installing
More informationexpertise hp services valupack consulting description security review service for Linux
expertise hp services valupack cnsulting descriptin security review service fr Linux Cpyright services prvided, infrmatin is prtected under cpyright by Hewlett-Packard Cmpany Unpublished Wrk -- ALL RIGHTS
More informationCenterPoint Accounting for Agriculture Network (Domain) Installation Instructions
CenterPint Accunting fr Agriculture Netwrk (Dmain) Installatin Instructins Dcument # Prduct Mdule Categry 2257 CenterPint CenterPint Installatin This dcument describes the dmain netwrk installatin prcess
More informationPreparing to Deploy Reflection : A Guide for System Administrators. Version 14.1
Preparing t Deply Reflectin : A Guide fr System Administratrs Versin 14.1 Table f Cntents Table f Cntents... 2 Preparing t Deply Reflectin 14.1:... 3 A Guide fr System Administratrs... 3 Overview f the
More informationSBClient and Microsoft Windows Terminal Server (Including Citrix Server)
SBClient and Micrsft Windws Terminal Server (Including Citrix Server) Cntents 1. Intrductin 2. SBClient Cmpatibility Infrmatin 3. SBClient Terminal Server Installatin Instructins 4. Reslving Perfrmance
More informationStarterPak: Dynamics CRM Opportunity To NetSuite Sales Order
StarterPak: Dynamics CRM Opprtunity T NetSuite Sales Order Versin 1.0 7/20/2015 Imprtant Ntice N part f this publicatin may be reprduced, stred in a retrieval system, r transmitted in any frm r by any
More informationImproved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1
Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues
More informationDurango Merchant Services QuickBooks SyncPay
Durang Merchant Services QuickBks SyncPay Gateway Plug-In Dcumentatin April 2011 Durang-Direct.cm 866-415-2636-1 - QuickBks Gateway Plug-In Dcumentatin... - 3 - Installatin... - 3 - Initial Setup... -
More informationRSA-Pivotal Security Big Data Reference Architecture RSA & Pivotal combine to help security teams detect threats quicker and speed up response
RSA-Pivtal Security Big Data Reference Architecture RSA & Pivtal cmbine t help security teams detect threats quicker and speed up respnse ESSENTIALS RSA and Pivtal are cmbining t help custmers get: Better
More information990 e-postcard FAQ. Is there a charge to file form 990-N (e-postcard)? No, the e-postcard system is completely free.
990 e-pstcard FAQ Fr frequently asked questins abut filing the e-pstcard that are nt listed belw, brwse the FAQ at http://epstcard.frm990.rg/frmtsfaq.asp# (cpy and paste this link t yur brwser). General
More informationThis guide is intended for administrators, who want to install, configure, and manage SAP Lumira, server for BI Platform
Hw T install SAP Lumira, server n SAP BusinessObjects BI platfrm Distributed Install Applies t: SAP Lumira, server versin fr the SAP BusinessObjects BI platfrm Summary This guide is intended fr administratrs,
More informationDiagnosis and Troubleshooting
Diagnsis and Trubleshting DataDirect Cnnect Series ODBC Drivers Intrductin This paper discusses the diagnstic tls that are available t cnfigure and trublesht yur ODBC envirnment and prvides a trubleshting
More informationInternet and E-Mail Policy User s Guide
Internet and E-Mail Plicy User s Guide Versin 2.2 supprting partnership in mental health Internet and E-Mail Plicy User s Guide Ver. 2.2-1/5 Intrductin Health and Scial Care requires a great deal f cmmunicatin
More informationTECHNICAL BULLETIN. Title: Remote Access Via Internet Date: 12/21/2011 Version: 1.1 Product: Hikvision DVR Action Required: Information Only
Title: Remte Access Via Internet Date: 12/21/2011 Versin: 1.1 Prduct: Hikvisin DVR Actin Required: Infrmatin Only The fllwing steps will guide yu thrugh the steps necessary t access yur Hikvisin DVR remtely
More informationState of Wisconsin. File Server Service Service Offering Definition
State f Wiscnsin File Server Service Service Offering Definitin Dcument Revisin Histry Date Versin Creatr Ntes 2/16/2008 1.0 JD Urfer First pass 2/16/2008 2.0 Tm Runge Editing changes 2/19/2009 2.1 Tm
More informationIT Help Desk Service Level Expectations Revised: 01/09/2012
IT Help Desk Service Level Expectatins Revised: 01/09/2012 Overview The IT Help Desk team cnsists f six (6) full time emplyees and fifteen (15) part time student emplyees. This team prvides supprt fr 25,000+
More informationA Beginner s Guide to Building Virtual Web Servers
A Beginner s Guide t Building Virtual Web Servers Cntents Intrductin... 1 Why set up a web server?... 2 Installing Ubuntu 13.04... 2 Netwrk Set Up... 3 Installing Guest Additins... 4 Updating and Upgrading
More informationesupport Quick Start Guide
esupprt Quick Start Guide Last Updated: 5/11/10 Adirndack Slutins, Inc. Helping Yu Reach Yur Peak 908.725.8869 www.adirndackslutins.cm 1 Table f Cntents PURPOSE & INTRODUCTION... 3 HOW TO LOGIN... 3 SUBMITTING
More informationHow To Install An Orin Failver Engine On A Network With A Network Card (Orin) On A 2Gigbook (Orion) On An Ipad (Orina) Orin (Ornet) Ornet (Orn
SlarWinds Technical Reference Preparing an Orin Failver Engine Installatin Intrductin t the Orin Failver Engine... 1 General... 1 Netwrk Architecture Optins and... 3 Server Architecture Optins and... 4
More informationTraffic monitoring on ProCurve switches with sflow and InMon Traffic Sentinel
An HP PrCurve Netwrking Applicatin Nte Traffic mnitring n PrCurve switches with sflw and InMn Traffic Sentinel Cntents 1. Intrductin... 3 2. Prerequisites... 3 3. Netwrk diagram... 3 4. sflw cnfiguratin
More informationService Desk Self Service Overview
Tday s Date: 08/28/2008 Effective Date: 09/01/2008 Systems Invlved: Audience: Tpics in this Jb Aid: Backgrund: Service Desk Service Desk Self Service Overview All Service Desk Self Service Overview Service
More informationConfiguring and Monitoring Network Elements
Cnfiguring and Mnitring Netwrk Elements eg Enterprise v5.6 Restricted Rights Legend The infrmatin cntained in this dcument is cnfidential and subject t change withut ntice. N part f this dcument may be
More informationEnsuring end-to-end protection of video integrity
White paper Ensuring end-t-end prtectin f vide integrity Prepared by: Jhn Rasmussen, Senir Technical Prduct Manager, Crprate Business Unit, Milestne Systems Date: May 22, 2015 Milestne Systems Ensuring
More informationTelelink 6. Installation Manual
Telelink 6 Installatin Manual Table f cntents 1. SYSTEM REQUIREMENTS... 3 1.1. Hardware Requirements... 3 1.2. Sftware Requirements... 3 1.2.1. Platfrm... 3 1.2.1.1. Supprted Operating Systems... 3 1.2.1.2.
More informationInformation & Communications Technology ICT Security Compliance Guide (Student)
Infrmatin & Cmmunicatins Technlgy ICT Security Cmpliance Guide (Student) RESTRICTED Dcument ID: ICT-SSG Versin 1.1 Effective Date 1 Nv 2011 Dcument Cntrl Revisin Histry Versin Date Descriptin Authr 1.0
More informationPENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK
Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs
More informationUser Guide. Excel Data Management Pack (EDM-Pack) OnCommand Workflow Automation (WFA) Abstract PROFESSIONAL SERVICES. Date: December 2015
PROFESSIONAL SERVICES User Guide OnCmmand Wrkflw Autmatin (WFA) Excel Data Management Pack (EDM-Pack) Date: December 2015 Dcument Versin: 1.0.0 Abstract The EDM-Pack includes a general-purpse Data Surce
More informationBest Practice - Pentaho BA for High Availability
Best Practice - Pentah BA fr High Availability This page intentinally left blank. Cntents Overview... 1 Pentah Server High Availability Intrductin... 2 Prerequisites... 3 Pint Each Server t Same Database
More informationLicensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite
Vlume Licensing brief Licensing the Cre Client Access License (CAL) Suite and Enterprise CAL Suite Table f Cntents This brief applies t all Micrsft Vlume Licensing prgrams. Summary... 1 What s New in This
More informationUsing PayPal Website Payments Pro UK with ProductCart
Using PayPal Website Payments Pr UK with PrductCart Overview... 2 Abut PayPal Website Payments Pr & Express Checkut... 2 What is Website Payments Pr?... 2 Website Payments Pr and Website Payments Standard...
More informationE2E Express 3.0. Requirements
E2E Express 3.0 Requirements February 2016 Table f Cntents Requirements... 3 Hardware Prerequisites... 3 General Installatin Requirements... 3 Netwrk Requirement... 4 SQL Server Installatin Requirements...
More informationVersion: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013
Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch
More informationCopyrights and Trademarks
Cpyrights and Trademarks Sage One Accunting Cnversin Manual 1 Cpyrights and Trademarks Cpyrights and Trademarks Cpyrights and Trademarks Cpyright 2002-2014 by Us. We hereby acknwledge the cpyrights and
More informationFOCUS Service Management Software Version 8.5 for Passport Business Solutions Installation Instructions
FOCUS Service Management Sftware fr Passprt Business Slutins Installatin Instructins Thank yu fr purchasing Fcus Service Management Sftware frm RTM Cmputer Slutins. This bklet f installatin instructins
More informationRUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer
RUTGERS POLICY Sectin: 70.1.1 Sectin Title: Infrmatin Technlgy Plicy Name: Acceptable Use Plicy fr Infrmatin Technlgy Resurces Frmerly Bk: N/A Apprval Authrity: Senir Vice President fr Administratin Respnsible
More informationPlus500CY Ltd. Statement on Privacy and Cookie Policy
Plus500CY Ltd. Statement n Privacy and Ckie Plicy Statement n Privacy and Ckie Plicy This website is perated by Plus500CY Ltd. ("we, us r ur"). It is ur plicy t respect the cnfidentiality f infrmatin and
More informationTaskCentre v4.5 Send Message (SMTP) Tool White Paper
TaskCentre v4.5 Send Message (SMTP) Tl White Paper Dcument Number: PD500-03-17-1_0-WP Orbis Sftware Limited 2010 Table f Cntents COPYRIGHT 1 TRADEMARKS 1 INTRODUCTION 2 Overview 2 FEATURES 2 GLOBAL CONFIGURATION
More informationThe Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future
The Imprtance Advanced Data Cllectin System Maintenance Berry Drijsen Glbal Service Business Manager WHITE PAPER knwledge t shape yur future The Imprtance Advanced Data Cllectin System Maintenance Cntents
More informationSPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010
OntariMD Inc. Electrnic Medical Recrds SPECIFICATION Hspital Reprt Manager Cnnectivity Requirements DRAFT Date: September 30, 2010 Versin: 1.0 2007-2010 OntariMD Inc. All rights reserved HRM EMR Cnnectivity
More informationOutpost Pro PC security products
Outpst PRO security prducts Datasheet versin 8.0 Page 1 [EN] Outpst Pr PC security prducts Antivirus, Firewall, Security Suite Versin 8.0 The Outpst Pr prduct line, including Outpst Antivirus Pr, Outpst
More informationAvePoint High Speed Migration Supplementary Tools
AvePint High Speed Migratin Supplementary Tls User Guide Issued April 2016 1 Table f Cntents Intrductin... 3 MD5 Value Generatr Tl... 3 Azure Data Uplad Tl... 3 Dwnlading and Unpacking the Tl... 4 Using
More informationInstructions for Configuring a SAFARI Montage Managed Home Access Expansion Server
Instructins fr Cnfiguring a SAFARI Mntage Managed Hme Access Expansin Server ~ Please read these instructins in their entirety befre yu begin. ~ These instructins explain hw t add a SAFARI Mntage Managed
More informationViPNet VPN in Cisco Environment. Supplement to ViPNet Documentation
ViPNet VPN in Cisc Envirnment Supplement t ViPNet Dcumentatin 1991 2015 Inftecs Americas. All rights reserved. Versin: 00121-04 90 02 ENU This dcument is included in the sftware distributin kit and is
More informationKronoDesk Migration and Integration Guide Inflectra Corporation
/ KrnDesk Migratin and Integratin Guide Inflectra Crpratin Date: September 24th, 2015 0B Intrductin... 1 1B1. Imprting frm Micrsft Excel... 2 6B1.1. Installing the Micrsft Excel Add-In... 2 7B1.1. Cnnecting
More informationIntelligent Monitoring Configuration Tool
Intelligent Mnitring Cnfiguratin Tl Release Ntes Sftware Versin 1.0 and abve EZPlugger 2004 Sny Crpratin COPYRIGHT NOTICE 2004 Sny Crpratin. All rights reserved. This manual may nt be reprduced, translated
More informationOptimal Payments Extension. Supporting Documentation for the Extension Package. 20140225 v1.1
Optimal Payments Extensin Supprting Dcumentatin fr the Extensin Package 20140225 v1.1 Revisin Histry v1.1 Updated Demac Media branding v1.0 Initial Dcument fr Distributin supprt@ptimalpayments.cm Page
More informationOften people have questions about new or enhanced services. This is a list of commonly asked questions and answers regarding our new WebMail format.
Municipal Service Cmmissin Gerald P. Cle Frederick C. DeLisle Thmas M. Kaul Gregry L. Riggle Stanley A. Rutkwski Electric, Steam, Water Cable Televisin and High Speed Internet Service since 1889 Melanie
More informationo 1.1 - How AD Query Works o 1.2 - Installation Requirements o 2.1 - Inserting your License Key o 2.2 - Selecting and Changing your Search Domain
SysOp Tls Active Directry Management sftware Active Directry Query v1.x Sftware Installatin and User Guide Updated September 29, 2008 In This Dcument: 1.0 Intrductin 1.1 - Hw AD Query Wrks 1.2 - Installatin
More informationUnderstand Business Continuity
Understand Business Cntinuity Lessn Overview In this lessn, yu will learn abut: Business cntinuity Data redundancy Data availability Disaster recvery Anticipatry Set What methds can be emplyed by a system
More informationCitrix XenServer from HP Getting Started Guide
Citrix XenServer frm HP Getting Started Guide Overview This guide utlines the basic setup, installatin, and cnfiguratin steps required t begin using yur Citrix XenServer frm HP. A first time wizard-based
More informationCOPIES-F.Y.I., INC. Policies and Procedures Data Security Policy
COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus
More informationClient Website Proposal, Quotation and Agreement (as dated)
Client Website Prpsal, Qutatin and Agreement (as dated) Dr Mat Mackenzie www.matmackenzie.c.uk mat@matmackenzie.c.uk 07967 964178 01303 770340 1. Intrductin Client needs and summary f prpsed slutin. 2.
More informationOracle Cloud Enterprise Hosting and Delivery Policies
Oracle Clud Enterprise Hsting and Delivery Plicies Statement f Changes Versin 1.5, 6/01/2015 This dcument utlines changes made t the Oracle Clud Enterprise Hsting and Delivery Plicies dated December 1,
More informationAttachment 2 BID PROPOSAL SUBMISSION GUIDE OCTOBER 2014 SOLICITATION
Attachment 2 BID PROPOSAL SUBMISSION GUIDE OCTOBER 2014 SOLICITATION 1. Cntact Us If yu encunter difficulties in submitting yur Bid Prpsals nline, please cntact us: 2. Intrductin The PPL Electric RFP Team
More informationLevel 1 Technical. RealPresence Web Suite and Web Suite Pro. Contents
Level 1 Technical RealPresence Web Suite and Web Suite Pr Cntents 1 - Glssary... 2 2 Features... 3 RealPresence Platfrm integratin... 3 RealPresence Web Suite Sftware... 3 Sftware Keys... 3 3 - Web Client
More informationNetwork Intrusion Detection
Netwrk Intrusin Detectin Best f Breed Prtectin with SNORT Implementing Snrt Snrt can be readily implemented with the help f a special Linux distributin named Sentinix (http://www.sentinix.rg). Wait a minute,
More informationHIPAA HITECH ACT Compliance, Review and Training Services
Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical
More informationAdobe Sign. Enabling Single Sign-On with SAML Reference Guide
Enabling Single Sign-On with SAML Reference Guide 2016 Adbe Systems Incrprated. All Rights Reserved. Prducts mentined in this dcument, such as the services f identity prviders Micrsft Active Directry Federatin,
More informationHow To Install Fcus Service Management Software On A Pc Or Macbook
FOCUS Service Management Sftware Versin 8.4 fr Passprt Business Slutins Installatin Instructins Thank yu fr purchasing Fcus Service Management Sftware frm RTM Cmputer Slutins. This bklet f installatin
More informationIntroduction LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE. 2015 Savision B.V. savision.com All rights reserved.
Rev 7.5.0 Intrductin 2 LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE 2015 Savisin B.V. savisin.cm All rights reserved. This manual, as well as the sftware described in it, is furnished under license and
More information