加密勒索

显示全部楼层 · 发表于 2016-9-27 00:26:44

本帖最后由 windows7爱好者于 2016-9-27 00:28 编辑

里面有3个EXE,一个SWF
2个EXE被和SWF被SEP击杀
一个入库，两个机器学习
最后一个在和SONAR搏斗了2分钟后被SONAR收拾了

三个衍生物，被机器学习杀两个，入库一个
源文件被SONAR击杀
疯狂大回滚

@pal家族，我找到原因了，我在SONAR的第一栏设置里选择了结束进程和终止服务前提示
以前SEP12选择这两个无非多两个提示，我发现SEP14选择他们会导致需要手动回滚，不能自动回滚

显示全部楼层 · 发表于 2016-9-27 00:28:23

@驭龙这下你可以放心了，这个勒索是最新变种的

显示全部楼层 · 发表于 2016-9-27 00:34:38

红伞杀一个

EXP/FLASH.Pubenush.T.Gen [exploit]

显示全部楼层 · 发表于 2016-9-27 00:39:28

欧阳宣发表于 2016-9-27 00:34
红伞杀一个

EXP/FLASH.Pubenush.T.Gen [exploit]

SWF好像有漏洞攻击代码？

显示全部楼层 · 发表于 2016-9-27 00:48:13

EAV杀一个

显示全部楼层 · 发表于 2016-9-27 01:03:41

原來是Brad大的樣本啊，通常我都會上報

，，，EXE文件都會入庫，上報HTML。

显示全部楼层 · 发表于 2016-9-27 01:06:23

Eset小粉絲发表于 2016-9-27 01:03
原來是Brad大的樣本啊，通常我都會上報，，，EXE文件都會入庫，上報HTML。

我就是找样本测试SONAR的

可惜现在没了神网，新鲜的样本难找啊
以前神网的样本每出一个就是VT全灭

显示全部楼层 · 发表于 2016-9-27 01:11:16

windows7爱好者发表于 2016-9-27 01:06
我就是找样本测试SONAR的
可惜现在没了神网，新鲜的样本难找啊
以前神网的样本每出一个就是VT全 ...

Brad大的樣本幾乎剛出就是新鮮的，可以測試

，過了今天中午，各大殺軟都會入庫的。

現在的神網樣本幾乎都入庫了，就像Vxvault

，沒意思

显示全部楼层 · 发表于 2016-9-27 01:15:45

AVIRA 光掃就報云了

[mw_shl_code=css,true]Start of the scan: Tuesday, 27 September, 2016  01:12

Starting the file scan:

Begin scan in 'C:\Users\User\Downloads\2016-09-26-Afraidgate-Neutrino-EK-malware-and-artifacts\2016-09-26-Afraidgate-Neutrino-EK-payload-Locky-downloader.vir'
Successful Cloud SDK initialization and license check.
The file 'C:\Users\User\Downloads\2016-09-26-Afraidgate-Neutrino-EK-malware-and-artifacts\2016-09-26-Afraidgate-Neutrino-EK-payload-Locky-downloader.vir' was scanned with the Protection Cloud. SHA256 = DA8DE46603BBA7EC820616E7706CACFC86CD405820C0EC32E75448C2F01C42CD
C:\Users\User\Downloads\2016-09-26-Afraidgate-Neutrino-EK-malware-and-artifacts\2016-09-26-Afraidgate-Neutrino-EK-payload-Locky-downloader.vir (SHA-256: da8de46603bba7ec820616e7706cacfc86cd405820c0ec32e75448c2f01c42cd)
  [DETECTION] Is the TR/Crypt.ZPACK.Gen4 (Cloud) Trojan
Begin scan in 'C:\Users\User\Downloads\2016-09-26-Afraidgate-Neutrino-EK-malware-and-artifacts\2016-09-26-another-Locky-binary-found-on-the-infected-host.vir'
The file 'C:\Users\User\Downloads\2016-09-26-Afraidgate-Neutrino-EK-malware-and-artifacts\2016-09-26-another-Locky-binary-found-on-the-infected-host.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 7CF005FAD833D696BD859778235285661C11D5F73290D0D7ED1AD5AC8DBB9A14
C:\Users\User\Downloads\2016-09-26-Afraidgate-Neutrino-EK-malware-and-artifacts\2016-09-26-another-Locky-binary-found-on-the-infected-host.vir (SHA-256: 7cf005fad833d696bd859778235285661c11d5f73290d0d7ed1ad5ac8dbb9a14)
  [DETECTION] Is the TR/Crypt.ZPACK.Gen4 (Cloud) Trojan
  [INFO]    The file 'C:\Users\User\Downloads\2016-09-26-Afraidgate-Neutrino-EK-malware-and-artifacts\2016-09-26-another-Locky-binary-found-on-the-infected-host.vir' has been uploaded to the Protection Cloud and analyzed.
Begin scan in 'C:\Users\User\Downloads\2016-09-26-Afraidgate-Neutrino-EK-malware-and-artifacts\2016-09-26-follow-up-download-Locky.vir'
The file 'C:\Users\User\Downloads\2016-09-26-Afraidgate-Neutrino-EK-malware-and-artifacts\2016-09-26-follow-up-download-Locky.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = F2366CAB8FD2169259A54AED23514C3F9993427E325939DF16C2365B7B4CA8A6
C:\Users\User\Downloads\2016-09-26-Afraidgate-Neutrino-EK-malware-and-artifacts\2016-09-26-follow-up-download-Locky.vir (SHA-256: f2366cab8fd2169259a54aed23514c3f9993427e325939df16c2365b7b4ca8a6)
  [INFO]    The file 'C:\Users\User\Downloads\2016-09-26-Afraidgate-Neutrino-EK-malware-and-artifacts\2016-09-26-follow-up-download-Locky.vir' has been uploaded to the Protection Cloud and analyzed.[/mw_shl_code]

显示全部楼层 · 发表于 2016-9-27 01:18:08

Eset小粉絲发表于 2016-9-27 01:15
AVIRA 光掃就報云了
[mw_shl_code=css,true]Start of the scan: Tuesday, 27 September, 2016 01: ...

因为我上报过了……

[病毒样本] 加密勒索

本帖子中包含更多资源