TSL ID TSL20150218-02
Severity Moderate

Trojan.Win32.Bergard.A is a Trojan that targets the Windows platform. This malware has reportedly been used in a watering hole attack against US Defense and Financial Services firms, in which it was hosted on the compromised website. It is dropped onto a victim system by exploiting the vulnerability identified by CVE-2014-9163 in a vulnerable Adobe Flash Player. Exploitation of the vulnerability identified by CVE-2015-0071 may reportedly also be used in the attack. The malware contacts a remote server and identifies itself by sending various system information. It also receives control commands to download and execute files and to send information. In addition, it modifies the Registry to establish persistence across system restarts.

Affected Products
  • Microsoft Windows All Versions
File Hashes
  • 0AA65BE08DCBD000EE075017DB3E34E2
  • A133FAE2E497198E1C9381B981392B04B254A204
Related Threats
  • TSL20150210-28 - Microsoft Internet Explorer CVE-2015-0071 Policy Bypass
  • TSL20141209-27 - Adobe Flash parseFloat Stack Buffer Overflow