VT4 FatalRAT1x

Nocria

zfc234 发表于 2025-3-25 09:14
想咨询一下VES是个人购买的还是企业买的呀？有渠道吗？谢谢

我是在官网买的 VES (VIPRE Endpoint Security Cloud) 一席位版本
https://vipre.com/products/endpoint-security/endpoint-solutions/
需要注意的是没有中文版

电脑发烧迷

360 miss ，红伞kill

Fadouse

吃瓜群众第123位

FSP KILL

chx818

elastic security 执行后被击杀，并产生了一堆告警


基于Grok2的Attack Discovery：

Summary
Critical security incident on

desktop-c2asff2
involving
FatalRAT.exe
executed by

chx818
with shellcode injection and unbacked shellcode from an unsigned module.

Details
On

desktop-c2asff2
, a critical security incident was detected involving the execution of
FatalRAT.exe
by

chx818
. The attack began at
2025-03-25T11:43:38.481Z
and involved multiple alerts related to shellcode injection and unbacked shellcode from an unsigned module. The process
C:\Users\chx818\Downloads\FatalRAT\FatalRAT.exe
was executed with high integrity level, indicating a potential privilege escalation attempt. The malware used defense evasion tactics, specifically process injection (T1055), to hide its activities. The absence of a code signature and the use of shellcode suggest a sophisticated attack, possibly linked to known threat groups like Pikabot or Latrodectus, as referenced in the alerts. The attack progression likely involved:

Initial Execution:

chx818
executed
FatalRAT.exe
from a downloaded location.
Privilege Escalation: The process ran with a high integrity level, suggesting an attempt to gain elevated permissions.
Defense Evasion: The use of shellcode injection and unbacked shellcode from an unsigned module indicates efforts to evade detection.
Persistence: The malware may have attempted to establish persistence on the system, though this was not directly observed in the alerts.

biue

腾讯电脑管家 1X