Trojan.Win32.Bergard.A
TSL ID: TSL20150218-02
Severity: Moderate
Description

Trojan.Win32.Bergard.A is a Trojan that targets the Windows platform. It is reported that this malware has been used in a watering hole attack against US Defense and Financial Services firms, where it was hosted on the compromised Forbes.com website. It is dropped onto a victim system via exploitation of the vulnerability identified by CVE-2014-9163 in a vulnerable Adobe Flash Player. It is reported that exploitation of the vulnerability identified by CVE-2015-0071 may also be used in the attack. The malware contacts a remote server and identifies itself by sending various system information. It then receives control commands to download and execute files and to send information. Furthermore, it modifies the Registry in order to persist across system restarts.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • 0AA65BE08DCBD000EE075017DB3E34E2
SHA1:
  • A133FAE2E497198E1C9381B981392B04B254A204
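The two digests above are the only indicators the advisory gives, so the natural defensive use is a hash sweep. The following is an added example, not code from the advisory or its vendor: it streams each file under a directory through MD5 and SHA-1 in a single pass, compares the results (case-insensitively) against the advisory's indicators, and reports hits. The sample file it writes is constructed for the demonstration and is not the malware; the `demo` function seeds a second indicator set with that file's own digest purely to exercise the match path.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators copied from the advisory (Trojan.Win32.Bergard.A), lowercased so
# that comparison does not depend on how a report capitalises hex digits.
IOC_HASHES = {
    "md5": {"0aa65be08dcbd000ee075017db3e34e2"},
    "sha1": {"a133fae2e497198e1c9381b981392b04b254a204"},
}


def digest_bytes(data):
    """MD5 and SHA-1 of an in-memory byte string (used for small inputs and tests)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def hash_file(path, chunk_size=1 << 16):
    """Compute MD5 and SHA-1 of a file in one pass, streaming so large files
    do not have to be held in memory."""
    md5 = hashlib.md5()
    sha1 = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def match_hashes(digests, iocs=IOC_HASHES):
    """Return the algorithms (md5/sha1) whose digest appears in the indicator set."""
    return [algo for algo, value in digests.items()
            if value.lower() in iocs.get(algo, set())]


def scan_tree(root, iocs=IOC_HASHES):
    """Walk a directory tree and return {path: [matched algorithms]} for every hit."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable or locked file: skip it, do not abort the sweep
            matched = match_hashes(digests, iocs)
            if matched:
                hits[path] = matched
    return hits


def demo():
    """Constructed demonstration. Writes a benign sample file, sweeps it against
    the advisory's real indicators (expect no hits), then against an indicator
    set seeded with the sample's own MD5 (expect one hit on md5)."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.bin"
        sample.write_bytes(b"constructed sample content, not the real binary")
        clean_hits = scan_tree(tmp)  # advisory IoCs only
        seeded = {"md5": {hash_file(sample)["md5"]}, "sha1": set()}
        seeded_hits = scan_tree(tmp, seeded)
        return len(clean_hits), seeded_hits.get(str(sample))


if __name__ == "__main__":
    print(demo())  # (0, ['md5'])
```

Hash indicators are brittle (any recompile or packing changes them), so a sweep like this confirms the presence of a known sample rather than proving its absence; pair it with the network and Registry behaviour described above when hunting.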
References:
  • http://www.invincea.com/2015/02/chinese-espionage-campaign-compromises-forbes/
  • http://www.virusradar.com/en/Win32_Bergard.A/description
Related Threats:
  • TSL20150210-28 - Microsoft Internet Explorer CVE-2015-0071 Policy Bypass
  • TSL20141209-27 - Adobe Flash parseFloat Stack Buffer Overflow