Havex SCADA RAT Summary Report: Analyst Feedback and Remediations
Oh yeah, get prepared. The CrowdStrike Global Threat Report provides insight into the Havex SCADA RAT, which has been targeting SCADA environments.
The Havex RAT is used to target companies which are active in the energy sector.
- HAVEX RAT
- SYSMAIN RAT
Although the attackers appear to focus primarily on victims in the energy sector, other verticals are affected. CrowdStrike has observed compromised hosts in:
- European government;
- European, U.S., and Asian academia;
- European, U.S., and Middle Eastern manufacturing and construction industries;
- European defense contractors;
- European energy providers;
- U.S. healthcare providers;
- European IT providers;
- European precision machinery tool manufacturers; and
- research institutes.

The researchers from MalwareMustDie have published a PasteBin that provides insight into the infected environments and shows how the Havex SCADA RAT infected its targets.

Havex live environments


Download the FULL CrowdStrike PDF (Mirror on Cyberwarzone: CrowdStrike_Global_Threat_Report_2013)
PasteBin files:
- http://pastebin.com/raw.php?i=qCdMwtZ6
- http://pastebin.com/2x1JinJd
Known Havex MD5 hashes
Filename found sample:
- TmProvider.dll