This post was last edited by swizzer on 2020-12-13 09:11
WiseVector
Virus database from yesterday, 22:37
Scan: 5x; double-click: 1x
2020-12-13 09:02:07|C:\Windows\Childsong.exe|WIBD:HEUR.Trojan.V
2020-12-13 09:02:11|D:\$aa\CoinMiner\7aae703aa13fd2e58320297386b4b4342ac5d945ac3a33a7a374d95c3bd249bd.exe|WIBD:HEUR.Trojan.V
2020-12-13 09:01:54|D:\$aa\CoinMiner\14f77fb8a12fb5432ba212195783c2183f542dc11935a94bfb6337b7ce4aeb47|Heur.ML.PE.A
2020-12-13 09:01:55|D:\$aa\CoinMiner\1b5f2b90670146f79ec32ad10d8fff058a84a1f2e753004f0b9f2e691ec25cc7|Heur.ML.PE.C
2020-12-13 09:01:56|D:\$aa\CoinMiner\551de6e204479cc8772824a3485a30c860165bb4409174d784c2af32b07361e1|Heur.ML.PE.C
2020-12-13 09:01:57|D:\$aa\CoinMiner\6c667b95272c339cca70318b75b75d2ecad78b9bb0413520be68b1fd39c213fb|Heur.ML.PE.E
2020-12-13 09:01:57|D:\$aa\CoinMiner\cb130067a03bf471e319ff107d147aa2aa8b2a0c01e3d51ba227efb08c9bc902|Heur.ML.PE.A
Pure double-click: 5x (run after renaming)
2020-12-13 09:05:55|D:\$aa\CoinMiner\1.exe|WIBD:HEUR.Trojan.KD
2020-12-13 09:05:59|C:\Users\Administrator\AppData\Roaming\CpoDllost.exe|WIBD:HEUR.Trojan.KD
2020-12-13 09:06:08|D:\$aa\CoinMiner\3.exe|WIBD:HEUR.Trojan.FB
2020-12-13 09:06:11|C:\Windows\Childsong.exe|WIBD:HEUR.Trojan.FB
2020-12-13 09:06:15|D:\$aa\CoinMiner\2.exe|WIBD:HEUR.MalBehavior.A0
2020-12-13 09:06:18|D:\$aa\CoinMiner\2.exe|WIBD:HEUR.MalBehavior.B
2020-12-13 09:06:23|C:\Windows\System32\notepad.exe|MEMRAY:MalCode.A0
2020-12-13 09:07:47|D:\$aa\CoinMiner\4.exe|WIBD:HEUR.MalPowerShell.A0
2020-12-13 09:07:55|D:\$aa\CoinMiner\5.exe|WIBD:HEUR.MalBehavior.A0
2020-12-13 09:07:57|D:\$aa\CoinMiner\5.exe|WIBD:HEUR.MalBehavior.B
2020-12-13 09:08:10|C:\ProgramData\jnjYmQYUdm\r.vbs|WIBD:HEUR.MalPersistence.T1
Poor notepad ended up getting abused...
Miner-related configuration
{
    "algo": "cryptonight",
    "autosave": false,
    "background": false,
    "colors": true,
    "retries": 5,
    "retry-pause": 5,
    "syslog": false,
    "print-time": 60,
    "av": 0,
    "safe": false,
    "cpu-priority": null,
    "cpu-affinity": null,
    "donate-level": 0,
    "threads": 4,
    "pools": [
        {
            "url": "pool.supportxmr.com:5555",
            "user": "45vox8vwEbcLti34DikxKy1KzkShwQ5b8dWjLzPcQ56gGQy5e5H7VmUE5Eh7E8yfczG8igc9Y9DxFF5isU5CVwYD64U4Y8w",
            "pass": "x",
            "keepalive": false,
            "nicehash": false,
            "variant": "r",
            "tls": false,
            "tls-fingerprint": null
        }
    ],
    "api": {
        "port": 0,
        "access-token": null,
        "worker-id": null
    }
}
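The detection log above is more useful when split into what it says about the infection chain: verdicts on the samples that were launched, files flagged elsewhere on disk (dropped payloads and the r.vbs persistence stage), and the MEMRAY hit in notepad.exe, which is malicious code found in the memory of a binary that is clean on disk, i.e. injection. The recovered miner config likewise carries the network IOCs worth blocking (pool host and port, wallet). The following script does both. It is an added example, not code from the original post, from WiseVector or from XMRig; the log lines and the trimmed config are copied from the post, while the sample directory, the field names and the three result buckets are this script's own assumptions.

```python
"""Triage a WiseVector detection log plus a recovered XMRig-style miner config.

Added example, not code from the original post, WiseVector or XMRig. The log
lines and config are copied from the post; SAMPLE_DIR, the field names and the
three buckets (samples / dropped / injected) are this script's assumptions.
"""
import json
import re
from collections import defaultdict

# Constructed input: the "pure double-click" detections quoted in the post.
LOG = r"""
2020-12-13 09:05:55|D:\$aa\CoinMiner\1.exe|WIBD:HEUR.Trojan.KD
2020-12-13 09:05:59|C:\Users\Administrator\AppData\Roaming\CpoDllost.exe|WIBD:HEUR.Trojan.KD
2020-12-13 09:06:08|D:\$aa\CoinMiner\3.exe|WIBD:HEUR.Trojan.FB
2020-12-13 09:06:11|C:\Windows\Childsong.exe|WIBD:HEUR.Trojan.FB
2020-12-13 09:06:15|D:\$aa\CoinMiner\2.exe|WIBD:HEUR.MalBehavior.A0
2020-12-13 09:06:18|D:\$aa\CoinMiner\2.exe|WIBD:HEUR.MalBehavior.B
2020-12-13 09:06:23|C:\Windows\System32\notepad.exe|MEMRAY:MalCode.A0
2020-12-13 09:07:47|D:\$aa\CoinMiner\4.exe|WIBD:HEUR.MalPowerShell.A0
2020-12-13 09:07:55|D:\$aa\CoinMiner\5.exe|WIBD:HEUR.MalBehavior.A0
2020-12-13 09:07:57|D:\$aa\CoinMiner\5.exe|WIBD:HEUR.MalBehavior.B
2020-12-13 09:08:10|C:\ProgramData\jnjYmQYUdm\r.vbs|WIBD:HEUR.MalPersistence.T1
"""

# Constructed input: the miner config from the post, trimmed to the fields
# that miner_iocs() reads.
MINER_CONFIG = r"""
{
  "algo": "cryptonight",
  "donate-level": 0,
  "threads": 4,
  "pools": [
    {
      "url": "pool.supportxmr.com:5555",
      "user": "45vox8vwEbcLti34DikxKy1KzkShwQ5b8dWjLzPcQ56gGQy5e5H7VmUE5Eh7E8yfczG8igc9Y9DxFF5isU5CVwYD64U4Y8w",
      "tls": false
    }
  ],
  "api": {"port": 0}
}
"""

# Directory the samples were launched from (assumed from the paths in the log).
SAMPLE_DIR = r"D:\$aa\CoinMiner"

# timestamp|path|verdict; the verdict never contains '|', so the greedy path
# group stops at the last separator.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\|(.+)\|([^|]+)$")


def parse_log(text):
    """Parse 'timestamp|path|verdict' lines; lines that do not match are skipped."""
    events = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ts, path, verdict = m.groups()
            events.append({"time": ts, "path": path, "verdict": verdict})
    return events


def classify(events, sample_dir=SAMPLE_DIR):
    """Bucket detections: verdicts per launched sample, files flagged outside the
    sample directory (dropped payload / persistence stages), and MEMRAY hits,
    which mean malicious code in the memory of a binary that is clean on disk."""
    out = {"samples": defaultdict(list), "dropped": [], "injected": []}
    for e in events:
        path, verdict = e["path"], e["verdict"]
        if verdict.startswith("MEMRAY:"):
            out["injected"].append((path, verdict))
        elif path.lower().startswith(sample_dir.lower() + "\\"):
            out["samples"][path].append(verdict)
        else:
            out["dropped"].append((path, verdict))
    return out


def miner_iocs(config_text):
    """Pull network IOCs out of an XMRig-style config: pool host, port, wallet."""
    cfg = json.loads(config_text)
    iocs = []
    for pool in cfg.get("pools", []):
        host, _, port = pool["url"].rpartition(":")
        iocs.append({"host": host, "port": int(port), "wallet": pool.get("user"),
                     "algo": cfg.get("algo"), "tls": bool(pool.get("tls", False))})
    return iocs


if __name__ == "__main__":
    summary = classify(parse_log(LOG))
    for path, verdicts in summary["samples"].items():
        print("sample  ", path, "->", ", ".join(verdicts))
    for path, verdict in summary["dropped"]:
        print("dropped ", path, "->", verdict)
    for path, verdict in summary["injected"]:
        print("injected", path, "->", verdict)
    for ioc in miner_iocs(MINER_CONFIG):
        print("pool", ioc["host"], ioc["port"], "wallet", ioc["wallet"][:12] + "...")
```

The "dropped" bucket is the part worth keeping after a test like this: paths such as C:\Windows\Childsong.exe, the CpoDllost.exe copy under AppData\Roaming and the r.vbs under ProgramData are the artifacts a miner leaves behind even when the original sample is gone, and the pool host, port and wallet from the config are what you would hand to the network team.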