KURTON (616c7c32-110e-4bb3-8e99-4c2aeb8f8272)
This family of malware is a backdoor that tunnels its connection through a preconfigured proxy, communicating with a remote command-and-control server over HTTPS via that proxy. The malware installs itself as a Windows service under a service name supplied by the attacker, defaulting to IPRIP if no service name is provided during install.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Kurton (1fc49b8c-647a-4484-a2f6-e6f2311f8b58) | Malpedia | KURTON (616c7c32-110e-4bb3-8e99-4c2aeb8f8272) | Tool | 1 |