Detection ratio: 2 / 53 Angler Exploit Kit Website 21 监视剪切板，注入，加密

开开心心卖手机

墨家小子 发表于 2016-2-3 17:56
对了，用IDP测试完之后最好用Autoruns再扫一下看看有没有漏的，别学本区有些人双击完就是截图，啥结论都 ...

好的，下次我会注意的！因为测试环境被我换下来了，有机会再补上吧

aboringman

开开心心卖手机 发表于 2016-2-3 18:12
好的，下次我会注意的！因为测试环境被我换下来了，有机会再补上吧

看来我可以退休了，哈哈哈哈。

开开心心卖手机

aboringman 发表于 2016-2-3 18:46
看来我可以退休了，哈哈哈&# ...

我只是偶尔测测，不是次次都能赶上

aboringman

开开心心卖手机 发表于 2016-2-3 18:52
我只是偶尔测测，不是次次都能赶上

说实话，现在样本区测试AVG的人真的很少，我感觉好凄凉啊，唉。。。。。。

加油吧，还有，IDP真的很鬼畜。。。。。。

猥琐大叔

pal家族

Kaspersky
Internet Security
ACCESS DENIED
The requested URL cannot be provided

Object URL:

https://att.kafan.cn/forum.php?mo ... Dk3NTc3MnwxOTYxNjYz

Reason:

The object is infected by Trojan-Ransom.Win32.Cryptodef.adca
Message generated on: 2016/2/3 20:38:38

不知道什么时候卡巴被入库的，我才回家哒！

icedream89

kill

aboringman

ESET（Special Test）：测试AMS及BP能力

单测AMS：

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash

2016/2/3 19:10:55;Advanced memory scanner;file;Operating memory » C:\Users\kiiler\Desktop\F2C6.tmp.exe;a variant of Win32/Filecoder.CryptoWall.G trojan;cleaned;;;002ACCFEB02FAA8C10A0EB7C447337F359A38422

关闭AMS，测试BP（连带WP）：

Time;Event;Source;Target;Protocol;Rule/worm name;Application;User

2016/2/3 19:20:51;Suspected botnet detected;192.168.1.102:49597;117.55.227.69:80;TCP;Win32/CryptoWall;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler

2016/2/3 19:18:54;Suspected botnet detected;192.168.1.102:49547;92.43.16.18:80;TCP;Win32/CryptoWall;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler

2016/2/3 19:18:44;Suspected botnet detected;192.168.1.102:49546;192.121.166.102:80;TCP;Win32/CryptoWall;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler

2016/2/3 19:18:35;Suspected botnet detected;192.168.1.102:49545;185.67.240.46:80;TCP;Win32/CryptoWall;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler

2016/2/3 19:18:25;Suspected botnet detected;192.168.1.102:49544;212.90.148.111:80;TCP;Win32/CryptoWall;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler

2016/2/3 19:18:13;Suspected botnet detected;192.168.1.102:49542;212.27.63.153:80;TCP;Win32/CryptoWall;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler

Time;URL;Status;Application;User;IP address

2016/2/3 19:20:51;http://divathemes.com/vwnRJG.php?y=i24c2w7t2x2v;Blocked by internal blacklist;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler;117.55.227.69

2016/2/3 19:18:54;http://webdeportes.es/P35YLA.php?j=rc2sjr5miani826;Blocked by internal blacklist;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler;92.43.16.18

2016/2/3 19:18:44;http://trivet.sk/174DQV.php?x=y6n047k7cj3a;Blocked by internal blacklist;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler;192.121.166.102

2016/2/3 19:18:35;http://litatex.com/4bnu_K.php?l=1qhj7i9ma2nmz8;Blocked by internal blacklist;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler;185.67.240.46

2016/2/3 19:18:25;http://tcblog.de/qmnKy8.php?h=aj071r45gzlz5i;Blocked by internal blacklist;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler;212.90.148.111

2016/2/3 19:18:13;http://ziusphotographie.free.fr/SCNnAd.php?y=6wb54hgzusa8;Blocked by internal blacklist;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler;212.27.63.153

2016/2/1 13:03:17;http://blog.trilyerestaurant.com/J0Tc4D.php?c=yb935jo5vmy;Blocked by internal blacklist;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler;95.173.164.100

2016/2/1 13:03:06;http://en.theolympiaschools.edu.vn/aU3Nwm.php?f=yb935jo5vmy;Blocked by internal blacklist;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler;112.78.4.229

2016/2/1 13:02:56;http://bronderslev-marked.dk/JgtPzi.php?i=yb935jo5vmy;Blocked by internal blacklist;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler;77.68.239.147

2016/2/1 13:02:45;http://grochowina.net/UnvPso.php?j=yb935jo5vmy;Blocked by internal blacklist;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler;188.116.35.23

2016/2/1 13:02:34;http://bikeneal.com/1EFs9Q.php?y=yb935jo5vmy;Blocked by internal blacklist;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler;63.143.37.114

2016/2/1 13:02:23;http://thecreditcoach.com/aItNxn.php?a=yb935jo5vmy;Blocked by internal blacklist;C:\Windows\System32\svchost.exe;kiiler-PC\kiiler;107.178.251.146

MXCERILYF!

卡巴入库了

伤花

楼主真霸气啊，大大瑞星好样的。