搜索

[14646] 2019-09-30_StealthFalcon黑客组织无文件后门分析

文档创建者:s7ckTeam
浏览次数:19
最后更新:2025-01-18
2019-09-30_StealthFalcon黑客组织无文件后门分析 S t e a l t h   F a l c o n K r i s t o n   F r e e B u f   2 0 1 9 - 0 9 - 3 0 S t e a l t h   F a l c o n 2 0 1 2 c i t i z e n   l a b 2 0 1 6 2 0 1 9 1 R a v e n S t e a l t h   F a l c o n S t e a l t h   F a l c o n R a v e n c i t i z e n   l a b p o w e r s h e l l w i n 3 2 / s t e a l t h f a c o n p o w e r s h e l l w i n 3 2 / s t e a l t h f e l c o n S t e a l t h   F a l c o n W i n 3 2 / S t e a l t h F a l c o n 2 0 1 5 C & C C & C W i n 3 2 / S t e a l t h F a l c o n 使 W i n d o w s B a c k g r o u n d   I n t e l l i g e n t   T r a n s f e r S e r v i c e B I T S B I T S 使 a p i B I T S c o m B I T S 怀 w i n 3 2 / s t e a l t h f a l c o n c & c
C & C w i n 3 2 / s t e a l t h f a l c o n d l l w i n * . d l l s t d * . d l l w i n 3 2 / s t e a l t h f a l c o n h k e y _ c u r r e n t _ u s e r s o f t w a r e m i c r o s o f t w i n d o w s c u r r e n t v e r s i o n s h e l l   e x t e n s i o n s 3 0 0 使
  S t e a l t h   F a l c o n C i t i z e n   L a b w i n 3 2 / S t e a l t h F a l c o n p o w e r s h e l l C & C C i t i z e n   L a b w i n d o w s e a r c h c a c h e [ . ] c o m C 2 w i n 3 2 / S t e a l t 使 I D / I D 使 r c 4 c & c 使 h t t p s C & C 使 W i n d o w s   B I T S S t e a l t h   F a l c o n w i n 3 2 / S t e a l t h F a l c o n
I o C s S H A - 1 3 1 B 5 4 A E B D A F 5 F B C 7 3 A 6 6 A * * 1 C C B 3 5 9 4 3 C C 9 B 7 F 7 2 5 0 9 7 3 A 3 F C 5 7 D 7 0 C 7 9 1 1 F 7 A 9 5 2 3 5 6 1 8 8 B 9 9 3 9 E 5 6 B 2 4 4 E B 6 2 B 9 A C 3 0 9 3 4 0 9 8 C A 4 2 0 4 4 4 7 4 4 0 D 6 F * * E 2 5 9 5 C 8 F 8 3 C * * F F 5 7 E 7 C 6 7 9 2 5 D F 4 D 9 D A A B E 5 D 0 C C 0 7 E 2 R * *   k e y s 2 5 8 A 4 A 9 D 1 3 9 8 2 3 F 5 5 D 7 B 9 D A 1 8 2 5 D 1 0 1 1 0 7 F B F 8 8 6 3 4 A 8 7 0 D E 9 8 0 0 5 8 0 D A D 5 5 6 B A 3 2 5 1 9 D B 0 F F E C 6 0 4 D 6 C 9 A 6 5 5 C F 5 6 B 9 8 E D C E 1 0 4 0 5 D E 3 6 8 1 0 B C 3 D C F 1 2 5 C D E 3 0 B A 5 A 2 3 E D B 6 E A 7 7 C D 0 9 8 7 6 6 8 B 3 6 0 3 6 5 D 5 F 3 9 F D C F 6 B 3 6 6 D 0 D E A C 9 E C E 5 A D C 6 F F D 2 0 2 2 7 F 6 8 D F F D E 7 7 A 3 9 F 3 A F 4 6 D 0 C E 0 B 8 4 A 1 8 9 D B 2 5 A 2 A 0 F E F D 7 1 A 0 C D 0 0 5 4 D 8 E 0 D 6 0 A B 0 8 D E M a l w a r e   f i l e   n a m e s I m a g e I n d e x e r . d l l W i n d o w s B a c k u p . d l l W i n d o w s S e a r c h C a c h e . d l l J a v a U s e r U p d a t e r . d l l L o g   f i l e   n a m e   p a t t e r n s % T E M P % d s c * % T E M P % s l d * % T E M P % p l x * R e g i s t r y   k e y s / v a l u e s H K E Y _ C U R R E N T _ U S E R S o f t w a r e M i c r o s o f t W i n d o w s C u r r e n t V e r s i o n S h e l l   E x t e n s i o n s X - M R U L i s t X - M R U D a t a X - F o n t D i s p o s i t i o n X - I c o n D i s p o s i t i o n X - I c o n P o s i t i o n X - P o p u p P o s i t i o n
X   i s   t h e   m a l w a r e s   f i l e n a m e   ( w i t h o u t   e x t e n s i o n ) M I T R E   A T T & C K
* w e l i v e s e c u r i t y K r i s t o n F r e e B u f . C O M

回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理