Yesterday Symantec Security Response reported on a new Trojan named Ratopak, which was used in targeted attacks against Russian banks.
According to Symantec: "Trojan.Ratopak was likely used because it can allow the attacker to gain control of the compromised computer and steal information. The threat can open a back door on the computer and allow the attacker to perform a variety of actions, including logging keystrokes, retrieving clipboard data, and viewing and controlling the screen. It can also be used to download other malicious files and tools. The narrow focus of the attacks and the use of Ratopak could be a hint to what the attackers were after."
Our team has taken this new Trojan into our lab and run it on a station protected by Minerva.
As expected, Ratopak's execution was prevented instantly and reported to our management server. The generated notification can be seen in the image below:
Once again, Minerva's Prevention without Detection paradigm has proven itself successful!
Minerva – zero-day will wait for tomorrow
Meet Minerva Labs at RSA Conference 2016
San Francisco, Feb 29th - Mar 4th, 2016
We will be glad to see you at South Hall, Booth #2638.