

"vmware registration service (vmserverdwin32)" (Indicator: "vmware")
Located in "%Program Files%\VMware\VMware GSX Server\" (Indicator: "vmware")
"" called "ControlService" and sent control code "0X2000" to the system service "seclogon" ("Secondary Logon")
"" called "ControlService" and sent control code "0X2000" to the system service "SDRSVC" ("Windows Backup")
"" called "ControlService" and sent control code "0X2000" to the system service "SamSs" ("Security Accounts Manager")
"" called "ControlService" and sent control code "0X2000" to the system service "MpsSvc" ("Windows Firewall")
"" called "ControlService" and sent control code "0X2000" to the system service "wuauserv" ("Windows Update")
"" called "ControlService" and sent control code "0X2000" to the system service "wscsvc" ("Windows Security Center")
"" called "ControlService" and sent control code "0X2000" to the system service "WinDefend" ("Windows Defender")
"" called "ControlService" and sent control code "0X2000" to the system service "sppsvc" ("Windows Software Protection")
YARA signature "cerber" classified file "all.bstring" as "ransomware,cerber" based on indicators: "torproject,netsh,taskkill" (Author: Leo Fernandes - iDefense)
YARA signature "mimikatz_lsass_mdmp" matched file "all.bstring" as "LSASS minidump file for mimikatz" based on indicators: "SYSTEM32\LSASS.EXE,system32\lsass.exe" (Author: Benjamin DELPY (gentilkiwi))

YARA signature "keyboy_commands" classified file "all.bstring" as "apt,keyboy" based on indicators: "Update,Refresh,OnLine,Sysinfo,Download,FileManager" (Author: Matt Brooks)
YARA signature "SurtrStrings" classified file "all.bstring" as "surtr" based on indicators: "Burn\" (Author: Katie Kleemola)
YARA signature "PROMETHIUM_NEODYMIUM_Malware_2" classified file "all.bstring" as "apt,promethium,neodymium" based on indicators: "alg32.exe" (Reference:, Author: Florian Roth)
YARA signature "Casper_Included_Strings" classified file "all.bstring" as "apt,casper" based on indicators: "aiomgr.exe" (Reference:, Author: Florian Roth)
YARA signature "mimikatz_lsass_mdmp" matched process "AnVir.exe" as "LSASS minidump file for mimikatz" based on indicators: "SYSTEM32\LSASS.EXE" (Author: Benjamin DELPY (gentilkiwi))
YARA signature "cerber" classified file "" as "ransomware,cerber" based on indicators: "torproject,netsh,taskkill" (Author: Leo Fernandes - iDefense)

YARA signature "SurtrStrings" classified file "" as "surtr" based on indicators: "00736f756c00,Burn\" (Author: Katie Kleemola)
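Two things in the report above deserve a second look before the YARA tags are taken at face value: the sample sent a service control code to every security-relevant service it could reach (Defender, Firewall, Security Center, Update, Software Protection, Backup, SAM, Secondary Logon), which is the tamper pattern that matters regardless of which family the signatures name; and several of the YARA hits rest on a single filename string, which is weak evidence, while the only rule corroborated by two independent targets is the lsass one (string dump plus the live AnVir.exe process). The following Python triage script is an added example, not part of the sandbox report or of any sandbox vendor's tooling. It assumes the two line shapes shown above ("... called "ControlService" ..." and "YARA signature ..."), records the report's "0X2000" as-is without interpreting it, and uses a hand-picked list of security-relevant service names; the sample lines are copied from the report, with the process name left blank exactly as the report prints it.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the relevant lines of the report above, verbatim.
SAMPLE_REPORT = r'''
"" called "ControlService" and sent control code "0X2000" to the system service "seclogon" ("Secondary Logon")
"" called "ControlService" and sent control code "0X2000" to the system service "SDRSVC" ("Windows Backup")
"" called "ControlService" and sent control code "0X2000" to the system service "SamSs" ("Security Accounts Manager")
"" called "ControlService" and sent control code "0X2000" to the system service "MpsSvc" ("Windows Firewall")
"" called "ControlService" and sent control code "0X2000" to the system service "wuauserv" ("Windows Update")
"" called "ControlService" and sent control code "0X2000" to the system service "wscsvc" ("Windows Security Center")
"" called "ControlService" and sent control code "0X2000" to the system service "WinDefend" ("Windows Defender")
"" called "ControlService" and sent control code "0X2000" to the system service "sppsvc" ("Windows Software Protection")
YARA signature "cerber" classified file "all.bstring" as "ransomware,cerber" based on indicators: "torproject,netsh,taskkill" (Author: Leo Fernandes - iDefense)
YARA signature "mimikatz_lsass_mdmp" matched file "all.bstring" as "LSASS minidump file for mimikatz" based on indicators: "SYSTEM32\LSASS.EXE,system32\lsass.exe" (Author: Benjamin DELPY (gentilkiwi))
YARA signature "keyboy_commands" classified file "all.bstring" as "apt,keyboy" based on indicators: "Update,Refresh,OnLine,Sysinfo,Download,FileManager" (Author: Matt Brooks)
YARA signature "PROMETHIUM_NEODYMIUM_Malware_2" classified file "all.bstring" as "apt,promethium,neodymium" based on indicators: "alg32.exe" (Reference:, Author: Florian Roth)
YARA signature "Casper_Included_Strings" classified file "all.bstring" as "apt,casper" based on indicators: "aiomgr.exe" (Reference:, Author: Florian Roth)
YARA signature "mimikatz_lsass_mdmp" matched process "AnVir.exe" as "LSASS minidump file for mimikatz" based on indicators: "SYSTEM32\LSASS.EXE" (Author: Benjamin DELPY (gentilkiwi))
YARA signature "SurtrStrings" classified file "" as "surtr" based on indicators: "00736f756c00,Burn\" (Author: Katie Kleemola)
'''

# Hand-picked (assumption): services whose control by an untrusted process is a
# defence-evasion signal. Keys are service names, values are display names.
SECURITY_SERVICES = {
    "WinDefend": "Windows Defender", "MpsSvc": "Windows Firewall",
    "wscsvc": "Windows Security Center", "wuauserv": "Windows Update",
    "sppsvc": "Software Protection", "SamSs": "Security Accounts Manager",
    "seclogon": "Secondary Logon", "SDRSVC": "Windows Backup",
}

CONTROL_RE = re.compile(
    r'"(?P<proc>[^"]*)" called "ControlService" and sent control code '
    r'"(?P<code>0[xX][0-9A-Fa-f]+)" to the system service "(?P<svc>[^"]+)"')
YARA_RE = re.compile(
    r'YARA signature "(?P<rule>[^"]+)" (?:classified|matched) '
    r'(?P<kind>file|process) "(?P<target>[^"]*)" as "(?P<tags>[^"]*)"'
    r'(?: based on indicators: "(?P<ind>[^"]*)")?'
    r'(?: \((?P<meta>.*)\))?\s*$')


@dataclass(frozen=True)
class ServiceControl:
    process: str   # blank in this report
    code: int      # control code as reported, not interpreted
    service: str


@dataclass(frozen=True)
class YaraHit:
    rule: str
    kind: str      # "file" or "process"
    target: str
    tags: tuple
    indicators: tuple
    author: Optional[str]


def parse_report(text: str):
    """Split report lines into ControlService events and YARA hits."""
    controls, hits = [], []
    for line in text.splitlines():
        line = line.strip()
        m = CONTROL_RE.search(line)
        if m:
            controls.append(ServiceControl(m["proc"], int(m["code"], 16), m["svc"]))
            continue
        m = YARA_RE.search(line)
        if m:
            author = re.search(r"Author:\s*(.*)$", m["meta"] or "")
            hits.append(YaraHit(
                rule=m["rule"], kind=m["kind"], target=m["target"],
                tags=tuple(t for t in m["tags"].split(",") if t),
                indicators=tuple(i for i in (m["ind"] or "").split(",") if i),
                author=author.group(1) if author else None))
    return controls, hits


def tampered_security_services(controls):
    """Security-relevant services the sample sent control codes to."""
    return sorted({c.service for c in controls if c.service in SECURITY_SERVICES},
                  key=str.lower)


def corroborated_rules(hits):
    """Rules that fired on more than one distinct target (e.g. string dump and live process)."""
    targets = {}
    for h in hits:
        targets.setdefault(h.rule, set()).add((h.kind, h.target))
    return sorted(rule for rule, t in targets.items() if len(t) > 1)


def single_indicator_hits(hits):
    """Rules that, on at least one target, matched on one indicator string only."""
    return sorted({h.rule for h in hits if len(h.indicators) == 1})


if __name__ == "__main__":
    controls, hits = parse_report(SAMPLE_REPORT)
    print("tampered:", tampered_security_services(controls))
    print("corroborated:", corroborated_rules(hits))
    print("single-indicator:", single_indicator_hits(hits))
```

Read the three outputs together: the service list is the behaviour to act on (every security service the sample could reach was sent the same control code), while the family tags only carry weight where a rule fired on more than one indicator or more than one target.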
