BlackEnergy & Quedagh - The convergence of crimeware and APT attacks

显示全部楼层 · 发表于 2014-9-27 09:59:05

http://www.f-secure.com/weblog/archives/00002747.html

https://www.f-secure.com/documen ... ergy_whitepaper.pdf

显示全部楼层 · 发表于 2014-9-27 10:05:54

火绒 kill0x

，
avast kill9x

显示全部楼层 · 发表于 2014-9-27 10:07:53

解压后清空。
9/27/2014 10:06:27 AM "E:\test\virus\BlackEnergy\b1ca89de93a1d9bf17cdbf8a3c61e7f52f275a3bcbbd285d35d6a40c45dde9bd" "Exploit-CVE2010-3333" "2"

9/27/2014 10:06:30 AM "E:\test\virus\BlackEnergy\e791718c0141e3829608142fb0f0d35c9af270f78ae0b72fce2edd07a9684568" "Artemis!462860910526" "2"

9/27/2014 10:06:32 AM "E:\test\virus\BlackEnergy\2aade7381aa87f55b7d7a5284d22be5472fd8cd966d216fd4445ca3a8bbb3ff3" "Artemis!715E9E60BE5A" "2"

9/27/2014 10:06:32 AM "E:\test\virus\BlackEnergy\91f72808aaed45a76ff1044a23fd6df4b7ab7ace292725522518feb9c0b8574e" "RDN/Generic BackDoor!zt" "2"

9/27/2014 10:06:33 AM "E:\test\virus\BlackEnergy\4b2efcda5269f4b80dc417a2b01332185f2fafabd8ba7114fa0306baaab5a72d" "Artemis!FD111A5496B6" "2"

9/27/2014 10:06:33 AM "E:\test\virus\BlackEnergy\bc062acda428f55782710f9c4f2df88c26dfbc004b94b479459f8572b1219444" "Generic.ub" "2"

9/27/2014 10:06:33 AM "E:\test\virus\BlackEnergy\951e5623c20d4e9ab158fe105436389dbf61327b2c87b7fb36f8ad3ff5ad9bde" "Artemis!9B29903A67DF" "2"

9/27/2014 10:06:33 AM "E:\test\virus\BlackEnergy\d841d9092239fc029b10da01c19868749b0f6bd757926ff04674658468495808" "Artemis!6CAC1A8BA79F" "2"

9/27/2014 10:06:33 AM "E:\test\virus\BlackEnergy\af62f29ac01e8335bf41c02c1460ebafcbaf94956b1001f7d515eecf63cea4f2" "Artemis!8B152FC5885C" "2"

9/27/2014 10:06:34 AM "E:\test\virus\BlackEnergy\f8b974cf978a3828aeb9b83fc48645da576e4b90dd47c2b82a46f6c14665a9e5" "RDN/Generic Dropper!vg" "2"

9/27/2014 10:06:34 AM "E:\test\virus\BlackEnergy\01425582aa5001342b985270a365fd92d909be011384247e81872bff586fa142" "Artemis!B3F4C8612196" "2"

9/27/2014 10:06:34 AM "E:\test\virus\BlackEnergy\47aea6a4e1da1fb8b454c038c21736bee53d59d095a4f5b866d5dd8158fead41" "Artemis!DA079CA6D8FF" "2"

9/27/2014 10:06:37 AM "E:\test\virus\BlackEnergy\16d68b740b5d9aa60929e39fd616d31be2c8528d0f1e58db4cbb16976f7cd725" "Artemis!90B19A0021B8" "2"

显示全部楼层 · 发表于 2014-9-27 10:16:28

金山云引擎12，开伞+1

显示全部楼层 · 发表于 2014-9-27 10:17:38

除掉一个rtf文件
Baidu Antivirus清空
巡警启发7个
费尔杀5个

显示全部楼层 · 发表于 2014-9-27 10:30:30

ESS KILL 13X

显示全部楼层 · 发表于 2014-9-27 10:51:26

诺顿主防2015全杀

显示全部楼层 · 发表于 2014-9-27 11:00:45

好压EAVKILL ALL

火绒扫描MISS

显示全部楼层 · 发表于 2014-9-27 11:24:08

本帖最后由 hzz2009 于 2014-9-27 11:25 编辑

卡巴清空

[mw_shl_code=css,true]27.09.2014 11.21.43 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\16d68b740b5d9aa60929e39fd616d31be2c8528d0f1e58db4cbb16976f7cd725 文件: g:\virus stamples\blackenergy\16d68b740b5d9aa60929e39fd616d31be2c8528d0f1e58db4cbb16976f7cd725 对象名称: Backdoor.Win32.Fonten.h 对象类型: 木马程序时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.46 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\4b2efcda5269f4b80dc417a2b01332185f2fafabd8ba7114fa0306baaab5a72d 文件: g:\virus stamples\blackenergy\4b2efcda5269f4b80dc417a2b01332185f2fafabd8ba7114fa0306baaab5a72d 对象名称: 对象类型: 未知威胁时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.51 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\bc062acda428f55782710f9c4f2df88c26dfbc004b94b479459f8572b1219444 文件: g:\virus stamples\blackenergy\bc062acda428f55782710f9c4f2df88c26dfbc004b94b479459f8572b1219444 对象名称: 对象类型: 未知威胁时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.44 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\2aade7381aa87f55b7d7a5284d22be5472fd8cd966d216fd4445ca3a8bbb3ff3 文件: g:\virus stamples\blackenergy\2aade7381aa87f55b7d7a5284d22be5472fd8cd966d216fd4445ca3a8bbb3ff3 对象名称: Backdoor.Win64.Blakken.c 对象类型: 木马程序时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.48 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\951e5623c20d4e9ab158fe105436389dbf61327b2c87b7fb36f8ad3ff5ad9bde 文件: g:\virus stamples\blackenergy\951e5623c20d4e9ab158fe105436389dbf61327b2c87b7fb36f8ad3ff5ad9bde 对象名称: Backdoor.Win32.Blakken.ww 对象类型: 木马程序时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.52 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\e791718c0141e3829608142fb0f0d35c9af270f78ae0b72fce2edd07a9684568 文件: g:\virus stamples\blackenergy\e791718c0141e3829608142fb0f0d35c9af270f78ae0b72fce2edd07a9684568 对象名称: Backdoor.Win32.Blakken.xp 对象类型: 木马程序时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.53 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\f8b974cf978a3828aeb9b83fc48645da576e4b90dd47c2b82a46f6c14665a9e5 文件: g:\virus stamples\blackenergy\f8b974cf978a3828aeb9b83fc48645da576e4b90dd47c2b82a46f6c14665a9e5 对象名称: Trojan-Dropper.Win32.Dinwod.rbk 对象类型: 木马程序时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.06 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\01425582aa5001342b985270a365fd92d909be011384247e81872bff586fa142 文件: g:\virus stamples\blackenergy\01425582aa5001342b985270a365fd92d909be011384247e81872bff586fa142 对象名称: 对象类型: 未知威胁时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.52 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\d841d9092239fc029b10da01c19868749b0f6bd757926ff04674658468495808 文件: g:\virus stamples\blackenergy\d841d9092239fc029b10da01c19868749b0f6bd757926ff04674658468495808 对象名称: Backdoor.Win32.Blakken.xo 对象类型: 木马程序时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.51 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\bc062acda428f55782710f9c4f2df88c26dfbc004b94b479459f8572b1219444//data0000 文件: g:\virus stamples\blackenergy\bc062acda428f55782710f9c4f2df88c26dfbc004b94b479459f8572b1219444//data0000 对象名称: Backdoor.Win32.Fonten.c 对象类型: 木马程序时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.06 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\01425582aa5001342b985270a365fd92d909be011384247e81872bff586fa142//# 文件: g:\virus stamples\blackenergy\01425582aa5001342b985270a365fd92d909be011384247e81872bff586fa142//# 对象名称: Backdoor.Win32.Fonten.a 对象类型: 木马程序时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.45 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\47aea6a4e1da1fb8b454c038c21736bee53d59d095a4f5b866d5dd8158fead41//# 文件: g:\virus stamples\blackenergy\47aea6a4e1da1fb8b454c038c21736bee53d59d095a4f5b866d5dd8158fead41//# 对象名称: Backdoor.Win32.Blakken.zq 对象类型: 木马程序时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.48 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\91f72808aaed45a76ff1044a23fd6df4b7ab7ace292725522518feb9c0b8574e 文件: g:\virus stamples\blackenergy\91f72808aaed45a76ff1044a23fd6df4b7ab7ace292725522518feb9c0b8574e 对象名称: Backdoor.Win32.Blakken.aac 对象类型: 木马程序时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.45 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\47aea6a4e1da1fb8b454c038c21736bee53d59d095a4f5b866d5dd8158fead41 文件: g:\virus stamples\blackenergy\47aea6a4e1da1fb8b454c038c21736bee53d59d095a4f5b866d5dd8158fead41 对象名称: 对象类型: 未知威胁时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.46 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\4b2efcda5269f4b80dc417a2b01332185f2fafabd8ba7114fa0306baaab5a72d//# 文件: g:\virus stamples\blackenergy\4b2efcda5269f4b80dc417a2b01332185f2fafabd8ba7114fa0306baaab5a72d//# 对象名称: Backdoor.Win32.Blakken.zq 对象类型: 木马程序时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.50 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\b1ca89de93a1d9bf17cdbf8a3c61e7f52f275a3bcbbd285d35d6a40c45dde9bd 文件: g:\virus stamples\blackenergy\b1ca89de93a1d9bf17cdbf8a3c61e7f52f275a3bcbbd285d35d6a40c45dde9bd 对象名称: Exploit.MSWord.CVE-2010-3333.ar 对象类型: 木马程序时间: 9/27/2014, 11:21 AM
27.09.2014 11.21.49 检测到的对象（文件）已删除 g:\virus stamples\blackenergy\af62f29ac01e8335bf41c02c1460ebafcbaf94956b1001f7d515eecf63cea4f2 文件: g:\virus stamples\blackenergy\af62f29ac01e8335bf41c02c1460ebafcbaf94956b1001f7d515eecf63cea4f2 对象名称: Backdoor.Win32.Blakken.yc 对象类型: 木马程序时间: 9/27/2014, 11:21 AM
[/mw_shl_code]

显示全部楼层 · 发表于 2014-9-27 11:57:05

本帖最后由 panzhitian 于 2014-9-27 11:58 编辑

小a解压+扫描剩2

951e5623c20d4e9ab158fe105436389dbf61327b2c87b7fb36f8ad3ff5ad9bde

f8b974cf978a3828aeb9b83fc48645da576e4b90dd47c2b82a46f6c14665a9e5

edited： to avast

[病毒样本] BlackEnergy & Quedagh - The convergence of crimeware and APT attacks

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块