
Instant Indicators of Compromise – We beat the average Anti-Virus by 3 hours using BRO/SNORT


Here is an example of a threat that, within five minutes of first sighting, would be indexed in our threat database for use with Bro, Snort, YARA and other tools to detect it on your network or hosts.


Troj/Kovter-DU exhibits the following characteristics:

File Information
  • Size: 416K
  • SHA-1: ccfab55637b02ac0d9bdec188e3d95f073c6c4f9
  • MD5: d7d3e1a60969ff9724d4bcdf1f6182d3
  • CRC-32: f10d2a5e
  • File type: Windows executable
  • First seen: 2016-08-19

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    (Default)
    “c□□\□@o□0u□□e□□t□0 □□n□@ □0e□@t□□n□ps□□s□Pp□□o□ t□□l□□c□□l□□s□Pt□@i□□g□0\□□p□□l□□c□□t□□o□□ □@a□@a□□s□Pg□□\□0e□pi□□e□□e□
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\OSUpgrade
    ReservationsAllowed
    0x00000000
  • HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
    iexplore.exe
    0x000022b8
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    (Default)
    “c□□\□@o□0u□□e□□t□0 □□n□@ □0e□@t□□n□ps□□s□Pp□□o□ t□□l□□c□□l□□s□Pt□@i□□g□0\□□p□□l□□c□□t□□o□□ □@a□@a□□s□Pg□□\□0e□pi□□e□□e□
  • HKCU\Software\xfpc
    zicnratqz
    c:\Documents and Settings\test user\Local Settings\Application Data\segi\segi.exe
  • HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    DisableOSUpgrade
    0x00000001
  • HKLM\SOFTWARE\xfpc
    zicnratqz
    c:\Documents and Settings\test user\Local Settings\Application Data\segi\segi.exe
  • HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
    iexplore.exe
    0x000022b8
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    2300
    0x00000000
Processes Created
  • c:\windows\system32\ntvdm.exe
  • c:\windows\system32\regsvr32.exe
HTTP Requests
  • http://-\xb7
  • http://-i
  • http://-|
  • http://download.microsoft.com/download/E/C/E/ECE99583-2003-455D-B681-68DB610B44A4/WindowsXP-KB968930-x86-ENG.exe
  • http://microsoft.com/
IP Connections
  • 102.91.24.199:80
  • 111.44.185.95:80
  • 117.245.97.26:80
  • 119.43.175.172:80
  • 121.223.218.223:443
  • 124.116.132.92:80
  • 125.232.48.139:80
  • 133.40.29.27:80
  • 146.22.148.187:80
  • 155.56.6.153:80
  • 158.12.193.202:80
  • 175.57.142.132:80
  • 179.224.241.18:80
  • 185.117.72.90:80
  • 2.231.124.238:80
  • 201.96.217.21:80
  • 209.236.249.45:80
  • 212.91.127.64:80
  • 219.204.1.173:80
  • 32.213.193.171:80
  • 40.76.251.238:80
  • 41.50.231.135:80
  • 48.81.16.131:80
  • 49.36.42.221:80
  • 57.29.106.226:80
  • 59.250.179.103:80
  • 7.60.77.186:443
  • 74.45.108.159:8080
  • 83.204.165.115:80
  • 84.167.203.86:443
  • 9.139.53.172:80
DNS Requests
  • download.microsoft.com
  • microsoft.com
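Turning a sandbox report like the one above into detection content is where the "instant indicators" claim is actually cashed in, so here is an added example (our own illustration, not tooling from this site) that converts the observables listed above into a Bro Intel framework file, a set of Snort rules and a hash-based YARA rule. Two practitioner caveats are built in. First, the DNS and HTTP entries for microsoft.com and download.microsoft.com are legitimate Microsoft infrastructure (the URL fetches the KB968930 hotfix installer, the Windows Management Framework Core package that ships PowerShell 2.0 for XP); shipping them as indicators would fire on every patching host, so the script keeps an allowlist and drops them, along with the three malformed "http://-…" requests the sandbox emitted. Second, several of the 31 addresses sit in blocks assigned to large organisations (7.0.0.0/8, 9.0.0.0/8), a hint that part of the list is noise rather than live C2, so the Snort output is alert-only and should be given a short expiry rather than used as a blocklist. The meta.source label, the local SID range and the YARA rule name are assumptions.

```python
"""Generate Bro Intel, Snort and YARA content from the Troj/Kovter-DU observables.

Added example, not the site's own tooling.  Indicator values are copied from the
report above; SOURCE, BASE_SID and the YARA rule name are assumed.
"""
import ipaddress
import re
from urllib.parse import urlsplit

NAME = "Troj/Kovter-DU"
SOURCE = "securitycrawler"   # assumed Bro Intel meta.source label
BASE_SID = 9000000           # assumed local Snort SID range (must be >= 1,000,000)

MD5 = "d7d3e1a60969ff9724d4bcdf1f6182d3"
SHA1 = "ccfab55637b02ac0d9bdec188e3d95f073c6c4f9"

# HTTP requests and DNS names exactly as the sandbox reported them, including
# the three malformed URLs ("http://-\xb7", "http://-i", "http://-|").
HTTP_REQUESTS = [
    "http://-\xb7", "http://-i", "http://-|",
    "http://download.microsoft.com/download/E/C/E/ECE99583-2003-455D-B681-68DB610B44A4/WindowsXP-KB968930-x86-ENG.exe",
    "http://microsoft.com/",
]
DNS_REQUESTS = ["download.microsoft.com", "microsoft.com"]

# The 31 outbound IP:port pairs from the report.
IP_CONNECTIONS = """
102.91.24.199:80 111.44.185.95:80 117.245.97.26:80 119.43.175.172:80
121.223.218.223:443 124.116.132.92:80 125.232.48.139:80 133.40.29.27:80
146.22.148.187:80 155.56.6.153:80 158.12.193.202:80 175.57.142.132:80
179.224.241.18:80 185.117.72.90:80 2.231.124.238:80 201.96.217.21:80
209.236.249.45:80 212.91.127.64:80 219.204.1.173:80 32.213.193.171:80
40.76.251.238:80 41.50.231.135:80 48.81.16.131:80 49.36.42.221:80
57.29.106.226:80 59.250.179.103:80 7.60.77.186:443 74.45.108.159:8080
83.204.165.115:80 84.167.203.86:443 9.139.53.172:80
""".split()

# Legitimate infrastructure the sample merely uses (a Microsoft download).
# Allowlisted so it is never emitted as an indicator.  Assumed list.
BENIGN_DOMAINS = {"microsoft.com"}

HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def is_benign(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BENIGN_DOMAINS)


def valid_hostname(host):
    """Reject sandbox junk such as '-i' or '-|' that is not a real hostname."""
    return bool(HOSTNAME_RE.match(host.lower()))


def network_indicators():
    """Return (addrs, domains, urls) after validation and allowlisting."""
    addrs = []
    for entry in IP_CONNECTIONS:
        ip, _, port = entry.rpartition(":")
        ipaddress.ip_address(ip)          # raises ValueError on a malformed address
        addrs.append((ip, int(port)))
    domains = [d for d in DNS_REQUESTS if valid_hostname(d) and not is_benign(d)]
    urls = []
    for u in HTTP_REQUESTS:
        parts = urlsplit(u)
        host = parts.hostname or ""
        if not valid_hostname(host) or is_benign(host):
            continue                      # drops the "http://-…" junk and the Microsoft URLs
        urls.append(parts.netloc + (parts.path or "/"))   # Bro Intel::URL has no scheme
    return addrs, domains, urls


def bro_intel():
    """Lines of a Bro Intel framework file: '#fields' header, then TSV rows."""
    addrs, domains, urls = network_indicators()
    rows = [("#fields", "indicator", "indicator_type", "meta.source", "meta.desc")]
    rows += [(ip, "Intel::ADDR", SOURCE, NAME) for ip, _ in addrs]
    rows += [(d, "Intel::DOMAIN", SOURCE, NAME) for d in domains]
    rows += [(u, "Intel::URL", SOURCE, NAME) for u in urls]
    rows += [(h, "Intel::FILE_HASH", SOURCE, NAME) for h in (MD5, SHA1)]
    return ["\t".join(r) for r in rows]


def snort_rules():
    """One alert (not drop) rule per observed destination IP:port."""
    addrs, _, _ = network_indicators()
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"{NAME} outbound connection"; flow:to_server,established; '
        f'classtype:trojan-activity; sid:{BASE_SID + n}; rev:1;)'
        for n, (ip, port) in enumerate(addrs)
    ]


def yara_rule():
    """Hash-only YARA rule for the sample; requires YARA's 'hash' module."""
    return "\n".join([
        'import "hash"', "", "rule Troj_Kovter_DU_sample", "{",
        "    meta:",
        f'        description = "{NAME} sample hash match"',
        '        first_seen = "2016-08-19"',
        "    condition:",
        f'        hash.md5(0, filesize) == "{MD5}" or',
        f'        hash.sha1(0, filesize) == "{SHA1}"',
        "}",
    ])


if __name__ == "__main__":
    print("\n".join(bro_intel()))
    print("\n".join(snort_rules()))
    print(yara_rule())
```

Run it and redirect the first block into a file loaded via `Intel::read_files` in Bro, the second into a `local.rules` file, and the third into a `.yar` file. For this sample every domain and URL is filtered out, so the Bro file carries only the 31 addresses and the two hashes; that is the correct outcome, not a bug. The hash rule is only useful until the next repack of the binary, so pair it with the registry artefacts above (the HKCU/HKLM `Software\xfpc` value pointing at `segi\segi.exe` and the `DisableOSUpgrade`/`FEATURE_BROWSER_EMULATION` changes) for host-side hunting.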
