Found malicious artifacts related to "195.149.225.198" (ASN: 29522, Owner: Krakowskie e-Centrum Informatyczne JUMP).
Tries to sleep for a long time (more than two minutes).
Detected alert "ET TROJAN WS/JS Downloader M1" (SID: 2024035, Rev: 3, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.).
Detected alert "ET POLICY PE EXE or DLL Windows file download HTTP" (SID: 2018959, Rev: 3, Severity: 1) categorized as "Potential Corporate Privacy Violation".
Detected alert "ET TROJAN Sharik/Smoke Loader Microsoft Connectivity check" (SID: 2018677, Rev: 3, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.).
Detected alert "ET TROJAN Sharik/Smoke Loader Adobe Connectivity check" (SID: 2018676, Rev: 4, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.).
Detected alert "ET TROJAN Sharik/Smoke Loader Java Connectivity Check" (SID: 2022026, Rev: 3, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.).
Detected alert "ETPRO TROJAN Sharik/Smoke Checkin 2" (SID: 2821148, Rev: 4, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.).
Detected alert "ETPRO TROJAN WIN32/KOVTER.B Checkin 2" (SID: 2810582, Rev: 6, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.).
Detected alert "ET TROJAN Sharik/Smoke Loader Microsoft Connectivity Check" (SID: 2022124, Rev: 6, Severity: 1) categorized as "A Network Trojan was detected" (Backdoor, ransomware, trojans, etc.).
Contains ability to start/interact with device drivers.
Reads the registry for VMWare specific artifacts.
Possibly checks for the presence of an Antivirus engine.
May try to detect DeepFreeze frozen state.
Persists itself using auto-execute at a hidden registry location.
Modifies auto-execute functionality by setting/creating a value in the registry.
Touched instant messenger related registry keys.
Scans for artifacts that may help identify the target.
Reads terminal service related keys (often RDP related).