Endpoint-side incident response checkpoints for the March 2022 APT-C-41 campaign impersonating WinRar.exe
2022-07-15 18:09:00 【Sumarua】
APT-C-41, also known as Blue Magic Eye (蓝色魔眼), StrongPity and Promethium, has been active since at least 2012. In March 2022 the group ran an intelligence-collection campaign whose samples were disguised as installers of the common compression tool WinRAR.exe. The campaign was delivered through a watering-hole attack. The overall attack flow is shown in the figure below:
Endpoint-side checkpoints for this attack
1. Samples
| No. | Sample | MD5 |
|---|---|---|
| 1 | WinRar.exe | AE72B18B38E4421A37A93C0820DDD83B |
| 2 | simserv.exe | 31C05FE3C509D9594B6F8BC2BB5F2FD1 |
| 3 | svvsrv.exe | 20019653C96F9556133A9BC4D811E6AE |
2. C2
sessionprotocol.com resolves to the IP address 192.236.193.78
| No. | Domain |
|---|---|
| 1 | https://sessionprotocol.com/parse_ini_file.php |
| 2 | h |
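The two checkpoints above (sample hashes on disk, C2 domain/IP in DNS or proxy logs) can be turned into a single triage script. The following is an added example written for this page, not code from the original post or from any vendor: the MD5s, the domain and the IP are the indicators listed above; the log line format, hostnames and file paths are constructed for the demonstration and the `hash_directory`, `match_hashes` and `scan_log_lines` helper names are assumptions.

```python
"""Endpoint triage helpers for the APT-C-41 WinRar.exe indicators listed above.

Added example (not from the original post). The indicator values are the MD5s,
domain and IP from the page; everything else (log format, hostnames, file paths)
is constructed for the demonstration.
"""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Sample hashes from the page, normalised to lowercase for comparison.
IOC_MD5 = {
    "ae72b18b38e4421a37a93c0820ddd83b": "WinRar.exe",
    "31c05fe3c509d9594b6f8bc2bb5f2fd1": "simserv.exe",
    "20019653c96f9556133a9bc4d811e6ae": "svvsrv.exe",
}
# C2 indicators from the page.
IOC_DOMAINS = ["sessionprotocol.com"]
IOC_IPS = ["192.236.193.78"]

# Domain: not preceded by a hostname character (so subdomains still match) and
# not followed by one (so "sessionprotocol.community" does not match).
_DOMAIN_RE = [re.compile(r"(?<![\w-])" + re.escape(d) + r"(?![\w-])", re.I)
              for d in IOC_DOMAINS]
# IP: reject the indicator when it is embedded in a longer dotted-decimal string.
_IP_RE = [re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?!\d)") for ip in IOC_IPS]


def md5_bytes(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def md5_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file so large archives do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_directory(root: Path) -> dict:
    """Map every readable file under root to its MD5; unreadable files are skipped."""
    hashes = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                hashes[str(p)] = md5_file(p)
            except OSError:
                continue  # locked or permission-denied: skip rather than abort the sweep
    return hashes


def match_hashes(observed: dict) -> list:
    """Return (path, md5, sample_name) for every observed file whose MD5 is an IoC.

    Only the hash is trusted: a file merely named WinRar.exe is not a hit, and a
    renamed copy of the sample still is."""
    hits = []
    for path, digest in observed.items():
        d = digest.lower()
        if d in IOC_MD5:
            hits.append((path, d, IOC_MD5[d]))
    return hits


def scan_log_lines(lines) -> list:
    """Return one (line_no, indicator, line) tuple per C2 indicator found per line."""
    hits = []
    for n, line in enumerate(lines, 1):
        for rx, ind in zip(_DOMAIN_RE + _IP_RE, IOC_DOMAINS + IOC_IPS):
            if rx.search(line):
                hits.append((n, ind, line))
    return hits


# Constructed DNS / proxy log lines (not real telemetry); hostnames are invented.
CONSTRUCTED_LOGS = [
    "2022-03-14 10:02:11 DNS query host=WS-17 name=sessionprotocol.com type=A",
    "2022-03-14 10:02:12 PROXY host=WS-17 dst=192.236.193.78:443 method=POST "
    "url=https://sessionprotocol.com/parse_ini_file.php",
    "2022-03-14 10:03:00 DNS query host=WS-22 name=update.microsoft.com type=A",
]


def demo() -> tuple:
    """Hash two constructed benign files and confirm neither matches the IoC hashes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "WinRar.exe").write_bytes(b"constructed benign content, not the sample")
        (root / "notes.txt").write_bytes(b"hello")
        observed = hash_directory(root)
        return len(observed), match_hashes(observed)


if __name__ == "__main__":
    count, hits = demo()
    print(f"hashed {count} files, {len(hits)} IoC hash hits")
    for n, ind, line in scan_log_lines(CONSTRUCTED_LOGS):
        print(f"line {n}: {ind} -> {line}")
```

Point `hash_directory` at the download and temp folders of the endpoint under review rather than the whole disk, and feed `scan_log_lines` the exported DNS or proxy records. Hash matching only catches the three samples listed here; a recompiled or padded variant will have a different MD5, so a clean hash sweep does not clear a host whose logs show the domain or IP.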