Red October – Indicators of compromise

21 Jan 2013

minute read

Authors

GReAT

Since our announcement about “Red October”, we’ve received a lot of questions on how to quickly identify compromised systems.

That’s why together with our partner Alienvault we’ve decided to put together a small whitepaper for CERTs and system administrators which can help identify and mitigate the attack.

The small whitepaper includes summarized information about malware’s known locations in infected systems, command and control domains and servers, snort rules, RC4 encryption keys, passwords and an industry standard IOC file with all these informations.

At the moment, our sinkhole is still registering traffic from 36 infected victims in several countries. We hope the information will help CERTs and admins to successfully identify and eradicate the infections.

Download the whitepaper: “Red October – Indicators of compromise”

Authors

GReAT

Red October – Indicators of compromise

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Posts

Latest Webinars

Reports

Kaspersky discloses new tools and techniques discovered in 2025 Tomiris activities: multi-language reverse shells, Havoc and AdaptixC2 open-source frameworks, communications via Discord and Telegram.

Kaspersky experts analyze the ToddyCat APT attacks targeting corporate email. We examine the new version of TomBerBil, the TCSectorCopy and XstReader tools, and methods for stealing access tokens from Outlook.

Kaspersky GReAT experts dive deep into the BlueNoroff APT’s GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.

Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.

Red October – Indicators of compromise

GReAT Ideas. Balalaika Edition

GReAT Ideas. Green Tea Edition

GReAT Ideas. Powered by SAS: malware attribution and next-gen IoT honeypots

GReAT Ideas. Powered by SAS: threat actors advance on new fronts

GReAT Ideas. Powered by SAS: threat hunting and new techniques

Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution

GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

APT trends report Q3 2024

Сrimeware and financial cyberthreats in 2025

Mem3nt0 mori – The Hacking Team is back!

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Beyond the Surface: the evolution and expansion of the SideWinder APT group

BlindEagle flying high in Latin America

Latest Posts

ToddyCat: your hidden email assistant. Part 1

Inside the dark web job market

Blockchain and Node.js abused by Tsundere: an emerging botnet

IT threat evolution in Q3 2025. Mobile statistics

Latest Webinars

Fortify your mobile protection: Building customer trust with advanced security

Unmasking email dangers: Detecting and defending against mail threats

Kaspersky Scan Engine: Built to integrate, engineered to protect

Kaspersky’s way of cloud workload protection

Reports

Tomiris wreaks Havoc: New tools and techniques of the APT group

ToddyCat: your hidden email assistant. Part 1

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs

Mem3nt0 mori – The Hacking Team is back!

Subscribe to our weekly e-mails