Backdoor.APT.Aumlib Description

Backdoor.APT.Aumlib is a backdoor Trojan that is a component of malware campaigns launched by the Chinese hackers associated with the New York Times attack. Backdoor.APT.Aumlib can circumvent the existing intrusion detection system (IDS) signatures created to detect older variants of the Aumlib family. It has been updated to encode its HTTP communication and to use new network traffic patterns in an effort to evade detection by security tools. Backdoor.APT.Aumlib uses a new POST request, and the POST body is encoded, unlike earlier versions, where the request was transferred in the clear.