https://www.us-cert.gov/ncas/alerts/TA14-329A



Alert (TA14-329A)

Regin Malware

Original release date: November 25, 2014
Systems Affected

Microsoft Windows NT, 2000, XP, Vista, and 7

Overview

On November 24, 2014, Symantec released a report on Regin, a sophisticated backdoor Trojan used to conduct intelligence-gathering campaigns. At this time, the Regin campaign has not been identified targeting any organizations within the United States.

Description

Regin is a multi-staged, modular threat—meaning it has a number of components, each dependent on others to perform an attack. Each of the five stages is hidden and encrypted, with the exception of the first stage. The modular design poses difficulties to analysis, as all components must be available in order to fully understand the Trojan.

Impact

Regin is a remote access Trojan (RAT), able to take control of input devices, capture credentials, monitor network traffic, and gather information on processes and memory utilization. The complex design provides flexibility to actors, as they can load custom features tailored to individual targets. [1]

Solution

Users and administrators are recommended to take the following preventive measures to protect their computer networks:

  • Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information). [2]
  • Keep your operating system and application software up-to-date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).

The following is a list of the Indicators of Compromise (IOCs) that can be added to network security solutions to determine whether they are present on a network.

MD5s: [1]


Note: Stages 2, 3, and 4 do not appear on infected systems as real files on disk. Hashes are provided for research purposes only.

Registry branches used to store malware stages 2 and 3:

\REGISTRY\Machine\System\CurrentControlSet\Control\RestoreList

\REGISTRY\Machine\System\CurrentControlSet\Control\Class\{39399744-44FC-AD65-474B-E4DDF-8C7FB97}

\REGISTRY\Machine\System\CurrentControlSet\Control\Class\{3F90B1B4-58E2-251E-6FFE-4D38C5631A04}

\REGISTRY\Machine\System\CurrentControlSet\Control\Class\{4F20E605-9452-4787-B793-D0204917CA58}

\REGISTRY\Machine\System\CurrentControlSet\Control\Class\{9B9A8ADB-8864-4BC4-8AD5-B17DFDBB9F58}

IP IOCs [3]:

61.67.114.73

202.71.144.113

203.199.89.80

194.183.237.145
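
An added example (not part of the US-CERT alert): a small log sweep for the registry branches and IP IOCs listed above. It folds the kernel-style `\REGISTRY\Machine\...` spelling, `HKLM\...` and `ControlSetNNN` onto one form before comparing; the log format and the sample lines are constructed assumptions.

```python
import re

# Indicators copied from the alert above (registry branches and IP IOCs).
REGIN_IPS = {"61.67.114.73", "202.71.144.113", "203.199.89.80", "194.183.237.145"}
_CLASS = r"\REGISTRY\Machine\System\CurrentControlSet\Control\Class" + "\\"
REGIN_KEYS = [
    r"\REGISTRY\Machine\System\CurrentControlSet\Control\RestoreList",
    _CLASS + "{39399744-44FC-AD65-474B-E4DDF-8C7FB97}",
    _CLASS + "{3F90B1B4-58E2-251E-6FFE-4D38C5631A04}",
    _CLASS + "{4F20E605-9452-4787-B793-D0204917CA58}",
    _CLASS + "{9B9A8ADB-8864-4BC4-8AD5-B17DFDBB9F58}",
]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
KEY_RE = re.compile(r"(?:\\registry\\machine|hklm|hkey_local_machine)\\\S+", re.I)

def normalize_key(path):
    """Fold kernel-style, HKLM-style and ControlSetNNN spellings into one form."""
    p = path.rstrip("\\").lower()
    p = re.sub(r"^(?:\\registry\\machine|hkey_local_machine)\\", r"hklm\\", p)
    return re.sub(r"^hklm\\system\\controlset\d{3}\\",
                  r"hklm\\system\\currentcontrolset\\", p)

_IOC_KEYS = [normalize_key(k) for k in REGIN_KEYS]

def scan(lines):
    """Return (line_number, kind, indicator) for every IOC hit in the log lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ip in IP_RE.findall(line):
            if ip in REGIN_IPS:          # exact match, so 161.67.114.73 is not a hit
                hits.append((n, "ip", ip))
        for raw in KEY_RE.findall(line):
            key = normalize_key(raw)
            for ioc in _IOC_KEYS:        # the branch itself or anything beneath it
                if key == ioc or key.startswith(ioc + "\\"):
                    hits.append((n, "registry", ioc))
    return hits

# Constructed sample log lines (hosts, ports, timestamps and value names are made up).
SAMPLE = [
    "2014-11-26T10:02:11Z fw01 ALLOW tcp 10.1.4.22:49211 -> 203.199.89.80:443",
    "2014-11-26T10:02:15Z fw01 ALLOW tcp 10.1.4.22:49212 -> 161.67.114.73:80",
    r"2014-11-26T10:03:40Z ws22 RegSetValue HKLM\SYSTEM\ControlSet001\Control\RestoreList\Constructed",
    r"2014-11-26T10:04:02Z ws22 RegOpenKey HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}",
    r"2014-11-26T10:05:19Z ws22 RegOpenKey \REGISTRY\Machine\System\CurrentControlSet\Control\Class\{4F20E605-9452-4787-B793-D0204917CA58}",
]
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```
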

References

Revisions

  • November 25, 2014: Initial Release


Frequently Asked Questions about Autism Spectrum Diagnosis | Interactive Autism Network



FREQUENTLY ASKED QUESTIONS ABOUT AUTISM SPECTRUM DIAGNOSIS

Catherine Lord, Ph.D.
Director, Center for Autism and the Developing Brain
DeWitt Wallace Senior Scholar
Professor of Psychology in Psychiatry and Pediatrics
Weill Cornell Medical College/NewYork-Presbyterian Hospital
Date Last Revised:
November 10, 2014
Date Published:
April 9, 2007

Dr. Lord served on the Neurodevelopmental Disorders Work Group that developed the new definition of autism spectrum disorder for the fifth edition of the Diagnostic and Statistical Manual of Mental Disorders (DSM-5), which was published in 2013 by the American Psychiatric Association.

WHAT IS A DIAGNOSIS?

A diagnosis is a categorical term that describes a group of behaviors or characteristics that, in most cases, are linked with a particular disease or disorder through cause, trajectory and effective treatments.

HOW IS A DIAGNOSIS OF AUTISM SPECTRUM DISORDER (ASD) DIFFERENT FROM OTHER DIAGNOSES?

Because we do not know the causes, ASD diagnoses are based purely on observations or reports of behaviors. Unlike many medical syndromes, ASD is not a disease. It is not contagious and is not yet treatable through medication (though medicine can help some symptoms). It is a developmental disorder that reflects differences in the way that children develop from very early on (from infancy and toddlerhood) and that usually continue to affect development into adulthood. The primary treatments are educational (e.g., teaching individuals with ASD ways to…

Harlech friends’ cancer ‘cluster’ study call – UK Wired News



Cancer experts have called for more research after four friends brought up in the same part of Gwynedd were diagnosed with aggressive brain tumours in the last two years.

One of the men died in June and an oncologist treating them said the Ardudwy cluster was of “concern”.

Another expert told BBC Radio Cymru it indicated it had “significance”.

…..

Meet Richard A. Montoni – The Five Million Dollar Maximus Boss Here To Fleece The UK’s Benefits System


Originally posted on the void:

No wonder the cunt’s smiling.

Richard A. Montoni – the boss of US firm Maximus who will soon be carrying out the despised assessments for sickness and disability benefits – received a salary and compensation package worth over a staggering five million dollars in 2013.

Maximus specialise in outsourced government contracts.  They already run Iain Duncan Smith’s disastrous Work Programme in some parts of the UK, along with a new scheme to harass people on sick leave by declaring them fit to return to work on the back of a short phone call.  As well as operating in the US, Canada and Australia, Maximus also have a welfare-to-work contract with the Saudi Arabian government – where women are segregated in the workplace and forbidden from carrying out many jobs.  From March next year they will take over from Atos running the Work Capability Assessments (WCAs) designed to strip…


I know you’re trying to be nice… | Scope’s Blog



Support online

I joined Scope’s online forum soon after Lucia was diagnosed, and it has been brilliant. Sometimes, when Lucia is ill or tired, we do feel sorry for ourselves, and having other parents to talk to and keep us positive is a huge help. You can also pick people’s brains for practical advice on things like special needs statements, disabled badges and mobility aids. We were very unsure about getting a wheelchair for Lucia, but people on the forum said to go for it – and it has been amazing. It has really improved our quality of life.

I know you’re trying to be nice…


Originally posted on Scope's Blog:

Guest post by Amanda from Stockport, whose six-year-old daughter Lucia has cerebral palsy. Here she talks about how people’s attitudes can make life awkward for her family.

Amanda and her husband Anthony with Lucia, Georgia and Roman


The moment other parents hear that Lucia has cerebral palsy, we have to deal with their preconceptions about what disabled people are like. We get people talking loudly and slowly, and people saying ‘What’s wrong with her?’ The answer is that nothing is wrong with Lucia. She just has cerebral palsy, and sometimes uses a wheelchair to get around. ‘Lucia’s wobbly legs’, as our other two children, Roman and Georgia, describe it! You get almost pitying looks from other parents – and you know, I wouldn’t change Lucia for the world.

Support online

I joined Scope’s online forum soon after Lucia was diagnosed, and it has been brilliant. Sometimes, when Lucia is ill or tired, we do feel…
