Gh0st RAT is a Trojan for Windows used primarily to attack government agencies, political activists and other political targets. The Nitol backdoor has likewise been associated with exploitation of a vulnerability involving the ADODB.Stream ActiveX Object that affects legacy Internet Explorer.
The technique the attackers use to spread the Nitol backdoor and Gh0st RAT is similar to the one used by the WannaCry ransomware. Once a machine is successfully infected, the malicious program first automatically opens a shell and writes instructions to a VBScript file, then executes that file to fetch the payload from another server.
Figure: EternalBlue exploitation mechanism
Researchers have so far detected some malicious samples in Singapore and South Asia. Security experts predict that over the next few weeks or months, more attackers using different payloads may spread the Nitol backdoor and Gh0st RAT to the rest of the world. They recommend that, in addition to routine patch management for systems and networks, system administrators enable intrusion detection and prevention systems, disable obsolete or unnecessary protocols and ports, proactively monitor network traffic, protect endpoints and deploy security mechanisms.
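The staging behaviour described above (a shell writes instructions to a VBScript file, then executes it) leaves a pair of process-creation events that endpoint monitoring can correlate. The following detection logic is an added example, not taken from the FireEye report or the original article; the event tuple layout, host names, file paths and the 60-second window are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events: (timestamp, host, image, command line).
# Hosts, paths and file names are invented for this example.
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:01", "ws-01", "cmd.exe", r"cmd.exe /c echo REM constructed line 1 > C:\Temp\stage.vbs"),
    ("2024-01-01T10:00:02", "ws-01", "cmd.exe", r"cmd.exe /c echo REM constructed line 2 >> C:\Temp\stage.vbs"),
    ("2024-01-01T10:00:04", "ws-01", "cscript.exe", r"cscript.exe //nologo C:\Temp\stage.vbs"),
    ("2024-01-01T10:05:00", "ws-02", "cscript.exe", r"cscript.exe C:\Scripts\inventory.vbs"),  # no shell write before it
    ("2024-01-01T11:00:00", "ws-03", "cmd.exe", r"cmd.exe /c echo REM constructed > C:\Temp\late.vbs"),
    ("2024-01-01T11:30:00", "ws-03", "wscript.exe", r"wscript.exe C:\Temp\late.vbs"),  # run is outside the window
]

# A shell redirecting echo output (> or >>) into a .vbs file; group 1 is the path.
WRITE_RE = re.compile(r'\becho\b.*?>{1,2}\s*"?([^\s">]+\.vbs)\b', re.I)
# Any .vbs path passed on a script host's command line.
RUN_RE = re.compile(r'"?([^\s"]+\.vbs)\b', re.I)
SCRIPT_HOSTS = {"cscript.exe", "wscript.exe"}

def find_vbs_staging(events, window=timedelta(seconds=60)):
    """Return (host, script, write_time, run_time) for each case where a shell
    wrote a .vbs file and a script host ran the same file within `window`."""
    writes = {}  # (host, lower-cased script path) -> time of most recent write
    hits = []
    for ts, host, image, cmdline in sorted(events):  # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        image = image.lower()
        if image == "cmd.exe":
            m = WRITE_RE.search(cmdline)
            if m:
                writes[(host, m.group(1).lower())] = when
        elif image in SCRIPT_HOSTS:
            for path in RUN_RE.findall(cmdline):
                wrote = writes.get((host, path.lower()))
                if wrote is not None and when - wrote <= window:
                    hits.append((host, path, wrote.isoformat(), ts))
    return hits

if __name__ == "__main__":
    for hit in find_vbs_staging(SAMPLE_EVENTS):
        print("VBScript staged and executed:", hit)
```

Matching on the same host and script path within a short window keeps scheduled or administrative scripts, which are not written by a shell immediately before they run, out of the results.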
For details, see FireEye's full research report.