2018.09.10.LuckyMouse

2024-06-20 14:00:08 +00:00 · 2018-09-11 08:31:32 +08:00 · 2018-09-11 08:31:32 +08:00 · b90945ef7e
commit b90945ef7e
parent 506f6de373
3 changed files with 15 additions and 0 deletions
--- a/2018/2018.09.10.LuckyMouse/LuckyMouse.pdf
+++ b/2018/2018.09.10.LuckyMouse/LuckyMouse.pdf
--- a/2018/2018.09.10.LuckyMouse/hash.txt
+++ b/2018/2018.09.10.LuckyMouse/hash.txt
@ -0,0 +1,14 @@
+Droppers-installers
+9dc209f66da77858e362e624d0be86b3
+dacedff98035f80711c61bc47e83b61d
+
+Drivers
+8e6d87eadb27b74852bd5a19062e52ed
+d21de00f981bb6b5094f9c3dfa0be533
+a2eb59414823ae00d53ca05272168006
+493167e85e45363d09495d0841c30648
+ad07b44578fa47e7de0df42a8b7f8d2d
+
+Auxiliary Earthworm SOCKS tunneler and Scanline network scanner
+83c5ff660f2900677e537f9500579965
+3a97d9b6f17754dcd38ca7fc89caab04
--- a/README.md
+++ b/README.md
@ -16,6 +16,7 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
 * [APT search](https://cse.google.com/cse/publicurl?cx=003248445720253387346:turlh5vi4xc)

 ## 2018
+* Sep 10 - [[Kaspersky] LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company](https://securelist.com/luckymouse-ndisproxy-driver/87914) | [Local](../../blob/master/2018/2018.08.28.CeidPageLock)
 * Sep 04 - [[Palo Alto Network] OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE](https://researchcenter.paloaltonetworks.com/2018/09/unit42-oilrig-targets-middle-eastern-government-adds-evasion-techniques-oopsie/) | [Local](../../blob/master/2018/2018.09.04.OilRig_Targets_Middle_Eastern)
 * Aug 28 - [[CheckPoint] CeidPageLock: A Chinese RootKit](https://research.checkpoint.com/ceidpagelock-a-chinese-rootkit/) | [Local](../../blob/master/2018/2018.08.28.CeidPageLock)
 * Aug 23 - [[Kaspersky] Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware](https://securelist.com/operation-applejeus/87553/) | [Local](../../blob/master/2018/2018.08.23.Operation_AppleJeus)