Sample was identified as malicious by at least one Antivirus engine
Found malicious artifacts related to "194.54.82.142".
HTTP request contains Base64 encoded artifacts
Detected alert "ET P2P BitTorrent DHT ping request" (SID: 2008581, Rev: 3, Severity: 1) categorized as "Potential Corporate Privacy Violation"
Detected alert "ET CNC Feodo Tracker Reported CnC Server group 6" (SID: 2404305, Rev: 5084, Severity: 1) categorized as "A Network Trojan was detected"
Detected alert "ET P2P possible torrent download" (SID: 2007727, Rev: 8, Severity: 1) categorized as "Potential Corporate Privacy Violation"
Detected alert "ET P2P Vuze BT UDP Connection (5)" (SID: 2010144, Rev: 6, Severity: 1) categorized as "Potential Corporate Privacy Violation"
Detected alert "ET P2P BitTorrent - Torrent File Downloaded" (SID: 2014734, Rev: 5, Severity: 1) categorized as "Potential Corporate Privacy Violation"
Detected alert "GPL P2P BitTorrent announce request" (SID: 2102180, Rev: 5, Severity: 1) categorized as "Potential Corporate Privacy Violation"
Detected alert "ET P2P BitTorrent DHT announce_peers request" (SID: 2008585, Rev: 4, Severity: 1) categorized as "Potential Corporate Privacy Violation"
Detected alert "GPL P2P BitTorrent transfer" (SID: 2102181, Rev: 3, Severity: 1) categorized as "Potential Corporate Privacy Violation"
Detected alert "ET P2P BitTorrent peer sync" (SID: 2000334, Rev: 13, Severity: 1) categorized as "Potential Corporate Privacy Violation"
Sends network traffic on a port typically used by trojan horses
Command and control (C2) information is encoded using a standard data encoding system.
Reads terminal service related keys (often RDP related)
Adversaries may communicate over a commonly used port to bypass firewalls or network detection systems and to blend with normal network activity to avoid more detailed inspection.
Adversaries may conduct C2 communications over a non-standard port to bypass proxies and firewalls that have been improperly configured.
Remote desktop is a common feature in operating systems.
Queries volume information of an entire hard drive
Reads information about supported languages
Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.
Software packing is a method of compressing or encrypting an executable.
Adversaries may attempt to get a listing of open application windows.
Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Process injection is a method of executing arbitrary code in the address space of a separate live process.
Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in ] and ].
Opens the Kernel Security Device Driver (KsecDD) of Windows
Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand.