本帖最后由 pal家族 于 2024-6-18 22:53 编辑
用opentip也行 加关键词、
比如昨天这个
时 间:2024年6月18日(星期二)上午2 : 25 | [url=]纯文本[/url] | [url=][/url][url=][/url][url=][/url][url=][/url][url=][/url] | | |
 邮件可翻译为中文立即翻译
Hello,
New malicious software was found in the attached file. Its detection will be included in the next update.
fc6c7db387f649edb8b62da99d66809c1d08e72d4eeebdf61cfe5d8b4a553bdd - HEUR:Trojan.Win32.Agentb.ge
67BDD734AB11D342D31AE9E06098F9DCFDFA049CE6BEE94E2B41B1A943B07F03 - Trojan-Downloader.PowerShell.Agent.xz
The specified URLs have been added to our blacklist.
Thank you for your help.
Best regards, Chugunov Artem, Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names
__________________________________________
From: xxxxxx@qq.com
Received: 6/17/2024 3:24:25 PM (UTC)
Sent: 6/17/2024 3:24:25 PM (UTC)
To: newvirus@kaspersky.com
Subject: Kaspersky Anti-virus Lab replies to your request [VD3] [FILE:2] [LN:EN]
Client feedback, query fc6c7db387f649edb8b62da99d66809c1d08e72d4eeebdf61cfe5d8b4a553bdd, type [Hash], zone [Yellow], was sent with the following commentary:
kaspersky false negative and fasle positive report: Dear KL. The uploaded file currently detected by kaspersky as an adware. But actually it should be a Lumma Stealer which disguise as another software. when you run it. it will drop real malicious module. The C&C for this malware is https://justifycanddidatewd.shop And the PS1 script that download the malware is 67BDD734AB11D342D31AE9E06098F9DCFDFA049CE6BEE94E2B41B1A943B07F03. Also the fake software distributor is https://ebaafrance.fr Please verify. Thank you..
This message is generated automatically by OpenTIP.
With Best regards,
OpenTIP Team.
|
发表于 2024-6-18 13:42:12
楼主
