DUBNIUM

显示全部楼层 · 发表于 2016-7-15 21:49:00

本帖最后由 hx1997 于 2016-7-15 22:10 编辑

https://blogs.technet.microsoft. ... 2-payload-analysis/

链接: https://pan.baidu.com/s/1i5LLCuL 密码: 6rxq

infected

ESET 15 个，已上报
C:\Users\Lucifer\Downloads\Compressed\DUBNIUM\15b8d969b4a549f6c7751d91d1939092d8d702a7b6da8b74b9a24df1209a68ac > ZWS > file.swf - SWF/Exploit.Agent.KI 特洛伊木马的变种
C:\Users\Lucifer\Downloads\Compressed\DUBNIUM\16f0b05d5e8546ab1504b07b0eaa0e8de14bca7c1555fd114c4c1c51d5a4c06b - Win32/Inexsmar.B 特洛伊木马
C:\Users\Lucifer\Downloads\Compressed\DUBNIUM\1feaad03f6c0b57f5f5b02aef668e26001e5a7787bb51966d50c8fcf344fb4e8 - Win32/Inexsmar.B 特洛伊木马
C:\Users\Lucifer\Downloads\Compressed\DUBNIUM\41ecd81bc7df4b47d713e812f2b7b38d3ac4b9dcdc13dd5ca61763a4bf300dcf - Win32/Inexsmar.B 特洛伊木马
C:\Users\Lucifer\Downloads\Compressed\DUBNIUM\77ca1148503def0d8e9674a37e1388e5c910da4eda9685eabe68fd0ee227b727 - Win32/Inexsmar.B 特洛伊木马
C:\Users\Lucifer\Downloads\Compressed\DUBNIUM\8ca8067dfef13f10e657d299b517008ad7523aacf7900a1afeb0a8508a6e11d3 - Win32/Inexsmar.B 特洛伊木马
C:\Users\Lucifer\Downloads\Compressed\DUBNIUM\a25715108d2859595959879ff50085bc85969e9473ecc3d26dda24c4a17822c9 - Win32/Inexsmar.B 特洛伊木马
C:\Users\Lucifer\Downloads\Compressed\DUBNIUM\a77d1c452291a6f2f6ed89a4bac88dd03d38acde709b0061efd9f50e6d9f3827 - Win32/Inexsmar.B 特洛伊木马
C:\Users\Lucifer\Downloads\Compressed\DUBNIUM\b175567800d62dcb00212860d23742290688cce37864930850522be586efa882 - LNK/TrojanDownloader.Agent.E 特洛伊木马
C:\Users\Lucifer\Downloads\Compressed\DUBNIUM\bd780f4d56214c78045454d31d83ae18ed209cc138e75d138e72976a7ef9803f - Win32/Inexsmar.B 特洛伊木马
C:\Users\Lucifer\Downloads\Compressed\DUBNIUM\caefcdf2b4e5a928cdf9360b70960337f751ec4a5ab8c0b75851fc9a1ab507a8 - Win32/Inexsmar.B 特洛伊木马
C:\Users\Lucifer\Downloads\Compressed\DUBNIUM\e0362d319a8d0e13eda782a0d8da960dd96043e6cc3500faeae521d1747576e5 - Win32/Inexsmar.B 特洛伊木马
C:\Users\Lucifer\Downloads\Compressed\DUBNIUM\e0918072d427d12b43f436bf0797a361996ae436047d4ef8277f11caf2dd481b - Win32/Inexsmar.B 特洛伊木马
C:\Users\Lucifer\Downloads\Compressed\DUBNIUM\e76c37b86602c6cc929dffe5df7b1056bff9228dde7246bf4ac98e364c99b688 - LNK/TrojanDownloader.Agent.E 特洛伊木马
C:\Users\Lucifer\Downloads\Compressed\DUBNIUM\f529a10126b83157e403742c8c7c90742a490a24270cb137b372ba84e5977d78 - Win32/Inexsmar.B 特洛伊木马

显示全部楼层 · 发表于 2016-7-15 21:58:44

本帖最后由心醉咖啡于 2016-7-15 22:28 编辑

毒霸20个杀11个

二扫多杀一个

显示全部楼层 · 发表于 2016-7-15 22:05:30

本帖最后由诸葛亮于 2016-7-15 22:08 编辑

红伞扫描17/20

Beginning disinfection:
C:\Users\huang\Desktop\DUBNIUM\f529a10126b83157e403742c8c7c90742a490a24270cb137b372ba84e5977d78
  [DETECTION] Is the TR/Taranis.1894 Trojan
  [NOTE]    The file was moved to the quarantine directory under the name '50934124.qua'!
C:\Users\huang\Desktop\DUBNIUM\e76c37b86602c6cc929dffe5df7b1056bff9228dde7246bf4ac98e364c99b688
  [DETECTION] Is the TR/LNK.PSH.Downloader.Gen Trojan
  [NOTE]    The file was moved to the quarantine directory under the name '48006eb3.qua'!
C:\Users\huang\Desktop\DUBNIUM\e0918072d427d12b43f436bf0797a361996ae436047d4ef8277f11caf2dd481b
  [DETECTION] Is the TR/Agent.1409536.20 Trojan
  [NOTE]    The file was moved to the quarantine directory under the name '1a203441.qua'!
C:\Users\huang\Desktop\DUBNIUM\e0362d319a8d0e13eda782a0d8da960dd96043e6cc3500faeae521d1747576e5
  [DETECTION] Is the TR/Spy.Agent.1550874 Trojan
  [NOTE]    The file was moved to the quarantine directory under the name '7c6d7b74.qua'!
C:\Users\huang\Desktop\DUBNIUM\dbd40919d516f7a3ae7f29fab06d604463694a8ef38cd0a8ce81a7305f1e6707 (SHA-256: dbd40919d516f7a3ae7f29fab06d604463694a8ef38cd0a8ce81a7305f1e6707)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
  [NOTE]    The file was moved to the quarantine directory under the name '39be560a.qua'!
C:\Users\huang\Desktop\DUBNIUM\caefcdf2b4e5a928cdf9360b70960337f751ec4a5ab8c0b75851fc9a1ab507a8
  [DETECTION] Is the TR/Spy.Agent.478849.1 Trojan
  [NOTE]    The file was moved to the quarantine directory under the name '46a46467.qua'!
C:\Users\huang\Desktop\DUBNIUM\bd780f4d56214c78045454d31d83ae18ed209cc138e75d138e72976a7ef9803f
  [DETECTION] Is the TR/Agent.1409536.22 Trojan
  [NOTE]    The file was moved to the quarantine directory under the name '0a4e483d.qua'!
C:\Users\huang\Desktop\DUBNIUM\b175567800d62dcb00212860d23742290688cce37864930850522be586efa882
  [DETECTION] Is the TR/LNK.PSH.Downloader.Gen Trojan
  [NOTE]    The file was moved to the quarantine directory under the name '76560809.qua'!
C:\Users\huang\Desktop\DUBNIUM\a77d1c452291a6f2f6ed89a4bac88dd03d38acde709b0061efd9f50e6d9f3827
  [DETECTION] Is the TR/Spy.Agent.473510 Trojan
  [NOTE]    The file was moved to the quarantine directory under the name '5b0c272e.qua'!
C:\Users\huang\Desktop\DUBNIUM\a25715108d2859595959879ff50085bc85969e9473ecc3d26dda24c4a17822c9
  [DETECTION] Is the TR/Agent.1409536.18 Trojan
  [NOTE]    The file was moved to the quarantine directory under the name '42661cbe.qua'!
C:\Users\huang\Desktop\DUBNIUM\8ca8067dfef13f10e657d299b517008ad7523aacf7900a1afeb0a8508a6e11d3
  [DETECTION] Is the TR/Spy.Agent.487962 Trojan
  [NOTE]    The file was moved to the quarantine directory under the name '2e6e314f.qua'!
C:\Users\huang\Desktop\DUBNIUM\77ca1148503def0d8e9674a37e1388e5c910da4eda9685eabe68fd0ee227b727
  [DETECTION] Is the TR/Spy.Agent.478849 Trojan
  [NOTE]    The file was moved to the quarantine directory under the name '5fd5093f.qua'!
C:\Users\huang\Desktop\DUBNIUM\64cab39189af572cdd6839c1a364e4ede805538e140b6c304490ac2c31b5ac28 (SHA-256: 64cab39189af572cdd6839c1a364e4ede805538e140b6c304490ac2c31b5ac28)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
  [NOTE]    The file was moved to the quarantine directory under the name '51cf380f.qua'!
C:\Users\huang\Desktop\DUBNIUM\41ecd81bc7df4b47d713e812f2b7b38d3ac4b9dcdc13dd5ca61763a4bf300dcf
  [DETECTION] Is the TR/Agent.1409536.18 Trojan
  [NOTE]    The file was moved to the quarantine directory under the name '14e04152.qua'!
C:\Users\huang\Desktop\DUBNIUM\3a2b8da91adc56c69212a3eb2f0a227250441cb3bbf9bb727204bf58fb1c34d8 (SHA-256: 3a2b8da91adc56c69212a3eb2f0a227250441cb3bbf9bb727204bf58fb1c34d8)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
  [NOTE]    The file was moved to the quarantine directory under the name '1dbc45bb.qua'!
C:\Users\huang\Desktop\DUBNIUM\1feaad03f6c0b57f5f5b02aef668e26001e5a7787bb51966d50c8fcf344fb4e8
  [DETECTION] Is the TR/Inexsmar.1409536 Trojan
  [NOTE]    The file was moved to the quarantine directory under the name '45aa5cef.qua'!
C:\Users\huang\Desktop\DUBNIUM\16f0b05d5e8546ab1504b07b0eaa0e8de14bca7c1555fd114c4c1c51d5a4c06b
  [DETECTION] Is the TR/Agent.1409536.23 Trojan
  [NOTE]    The file was moved to the quarantine directory under the name '695d2502.qua'!

End of the scan: 2016年7月15日  22:02
Used time: 00:41 Minute(s)

The scan has been done completely.

   1 Scanned directories
   36 Files were scanned
   17 Viruses and/or unwanted programs were found
   0 Files were classified as suspicious
   0 Files were deleted
   0 Viruses and unwanted programs were repaired
   17 Files were moved to quarantine
   0 Files were renamed
   0 Files cannot be scanned
   19 Files not concerned
   3 Archives were scanned
   0 Warnings
   17 Notes

剩余的3个红伞云miss

显示全部楼层 · 发表于 2016-7-15 22:14:18

诺顿杀17个，剩下3个windows10 无法运行。。。

显示全部楼层 · 发表于 2016-7-15 22:47:04

卡巴扫描17X 未双击

显示全部楼层 · 发表于 2016-7-15 22:50:18

卡巴剩下这一个：

显示全部楼层 · 发表于 2016-7-15 23:17:48

IE 8 下载不了。。。。。。

显示全部楼层 · 发表于 2016-7-15 23:24:16

pal家族发表于 2016-7-15 22:50
卡巴剩下这一个：

三分钟多两个？

显示全部楼层 · 发表于 2016-7-15 23:28:41

nick20010117 发表于 2016-7-15 23:24
三分钟多两个？

好像是的。。。。

显示全部楼层 · 发表于 2016-7-15 23:37:11

SCEP 剩下 6 个，上传 11个。

[病毒样本] DUBNIUM

评分

本帖子中包含更多资源

本帖子中包含更多资源