APT28

HellBoyF

几个APT28的样本，微步云沙箱检测全为恶意，这里我只附加一个链接吧
0860f29226069a732f988cb70ea6d51057d204d421bb709b8e759376b0c4d201

Jerry.Lin

AVIRA KILL ALL

1. 2018/6/1,9:47:48 [INFO] FP reports status 'NO False Positive' for file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\apt28\apt28\060448ffd71fe2edbb5fe7c6298ad2b077e57fa6ed6d4250fbd799dd85488843 (1)'
   
2. 2018/6/1,9:47:48 [DETECTION] Is the TR/RedCap.kgoci Trojan!
   
3.   C:\Users\zhong\Downloads\Compressed\VIRUS TEST\apt28\apt28\060448ffd71fe2edbb5fe7c6298ad2b077e57fa6ed6d4250fbd799dd85488843 (1)
   
4.       [INFO] The file will be copied to quarantine!
   
5. 2018/6/1,9:47:49 [INFO] FP reports status 'NO False Positive' for file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\apt28\apt28\0860f29226069a732f988cb70ea6d51057d204d421bb709b8e759376b0c4d201'
   
6. 2018/6/1,9:47:49 [DETECTION] Is the TR/RedCap.hjqdd Trojan!
   
7.   C:\Users\zhong\Downloads\Compressed\VIRUS TEST\apt28\apt28\0860f29226069a732f988cb70ea6d51057d204d421bb709b8e759376b0c4d201
   
8.       [INFO] The file will be copied to quarantine!
   
9. 2018/6/1,9:47:50 [INFO] FP reports status 'NO False Positive' for file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\apt28\apt28\27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9'
   
10. 2018/6/1,9:47:50 [DETECTION] Is the TR/RedCap.iculf Trojan!
    
11.   C:\Users\zhong\Downloads\Compressed\VIRUS TEST\apt28\apt28\27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9
    
12.       [INFO] The file will be copied to quarantine!
    
13. 2018/6/1,9:47:50 [INFO] FP reports status 'NO False Positive' for file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\apt28\apt28\e029ed8cfe34185c94b15c74f52d6fdf9bf9b635853c466b2589c1d9f3639200'
    
14. 2018/6/1,9:47:50 [DETECTION] Is the TR/RedCap.qmstp Trojan!
    
15.   C:\Users\zhong\Downloads\Compressed\VIRUS TEST\apt28\apt28\e029ed8cfe34185c94b15c74f52d6fdf9bf9b635853c466b2589c1d9f3639200
    
16.       [INFO] The file will be copied to quarantine!
    
17. 2018/6/1,9:47:51 [INFO] FP reports status 'NO False Positive' for file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\apt28\apt28\fa8de430fb491d898ee4e557977f036f2aae5f019c3b0552c9e0223da748fc27'
    
18. 2018/6/1,9:47:51 [DETECTION] Is the TR/RedCap.ugxfo Trojan!
    
19.   C:\Users\zhong\Downloads\Compressed\VIRUS TEST\apt28\apt28\fa8de430fb491d898ee4e557977f036f2aae5f019c3b0552c9e0223da748fc27
    
20.       [INFO] The file will be copied to quarantine!

复制代码

ELOHIM

Microsoft 反恶意软件 已采取措施保护此计算机免受恶意软件或其他可能不需要的软件的侵害。
有关更多信息，请查看下列内容:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Falojak&threatid=2147727093&enterprise=1
  名称: Trojan:Win32/Falojak
  ID: 2147727093
  严重性: 严重
  类别: 特洛伊木马
  路径: containerfile:_F:\Virus\apt28.zip;
file:_F:\Virus\apt28.zip->apt28/060448ffd71fe2edbb5fe7c6298ad2b077e57fa6ed6d4250fbd799dd85488843(1);
file:_F:\Virus\apt28.zip->apt28/0860f29226069a732f988cb70ea6d51057d204d421bb709b8e759376b0c4d201;
file:_F:\Virus\apt28.zip->apt28/27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9;
file:_F:\Virus\apt28.zip->apt28/e029ed8cfe34185c94b15c74f52d6fdf9bf9b635853c466b2589c1d9f3639200;
file:_F:\Virus\apt28.zip->apt28/fa8de430fb491d898ee4e557977f036f2aae5f019c3b0552c9e0223da748fc27;
webfile:_F:\Virus\apt28.zip|https://att.kafan.cn/forum.php?mo ... DY2NTU5OXwyMTI0MTU3|iexplore.exe
  检测原点: Internet
  检测类型: 具体
  检测源: 下载和附件
  用户: NT AUTHORITY\SYSTEM
  进程名称: Unknown
  操作: 隔离
  操作状态:  No additional actions required
  错误代码: 0x80508023
  错误描述: 该程序在此计算机上找不到间谍软件和其他潜在的垃圾软件。
  签名版本: AV: 1.269.431.0, AS: 1.269.431.0, NIS: 119.0.0.0
  引擎版本: AM: 1.1.14901.4, NIS: 2.1.14600.4

ATP_synthase

卡巴
拒绝访问
无法访问该网页

对象网址:

https://att.kafan.cn/forum.php?mo ... DN8MjEyNDE1Nw%3D%3D
原因: 对象被感染 Backdoor.Win32.DoubleAgent.d

消息生成时间: 2018/6/1 10:05:17

540923555

WD清空

，就一个.

迈克菲清空

a27573

ESET kill all

1. 时间;扫描程序;对象类型;对象;威胁;操作;用户;信息;哈希;此处首次所见
   
2. 2018/6/1 20:21:40;文件系统实时防护;文件;F:\病毒\收集\其他\apt28\apt28\e029ed8cfe34185c94b15c74f52d6fdf9bf9b635853c466b2589c1d9f3639200;Win32/Agent.ZQE 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;1470995DE2278AE79646D524E7C311DAD29AEE17;2018/6/1 20:21:15
   
3. 2018/6/1 20:21:40;文件系统实时防护;文件;F:\病毒\收集\其他\apt28\apt28\060448ffd71fe2edbb5fe7c6298ad2b077e57fa6ed6d4250fbd799dd85488843 (1);Win32/Agent.ZQE 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;2529F6EDA28D54490119D2123D22DA56783C704F;2018/6/1 20:21:15
   
4. 2018/6/1 20:21:46;文件系统实时防护;文件;F:\病毒\收集\其他\apt28\apt28\27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9;Win32/Agent.ZQE 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;10D571D66D3AB7B9DDF6A850CB9B8E38B07623C0;2018/6/1 20:21:15
   
5. 2018/6/1 20:21:53;文件系统实时防护;文件;F:\病毒\收集\其他\apt28\apt28\fa8de430fb491d898ee4e557977f036f2aae5f019c3b0552c9e0223da748fc27;Win32/Agent.ZQE 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;397D97E278110A48BD2CB11BB5632B99A9100DBD;2018/6/1 20:21:15
   
6. 2018/6/1 20:21:58;文件系统实时防护;文件;F:\病毒\收集\其他\apt28\apt28\0860f29226069a732f988cb70ea6d51057d204d421bb709b8e759376b0c4d201;Win32/Agent.ZQE 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;DDAA06A4021BAF980A08CAEA899F2904609410B9;2018/6/1 20:21:15
   

复制代码

心醉咖啡

毒霸

1. 扫描时间：[2018-06-01 20:24:59]
   
2. 扫描用时：[00:00:04]
   
3. 扫描类型：自定义查杀
   
4. 扫描文件总数：5
   
5. 扫描速度：1文件/秒
   
6. 发现威胁：2个
   
7. 清除威胁：2个
   
8. =============================================
   
9. [2018-06-01 20:25:13]
   
10. 威胁：f:\浏览器下载\apt28\27dd9de09e22efa2ef12e9e2f462fa9da83684bdb4ec900dd86439c5758107d9
    
11. 类型：win32.heur.kvmh017.a.(kcloud)
    
12. 处理方式：删除
    
13. 
    
14. [2018-06-01 20:25:13]
    
15. 威胁：f:\浏览器下载\apt28\fa8de430fb491d898ee4e557977f036f2aae5f019c3b0552c9e0223da748fc27
    
16. 类型：win32.heur.kvm099.a.(kcloud)
    
17. 处理方式：删除
    
18. 
    

复制代码

Im_Zeus

大蜘蛛安全...