- Interesting #malware correlation 1: #keybase #emotet and #ramnit all access:
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\LastRestoreId
- Interesting #malware correlation 2: #arsstealer and #pony use the exact same UA:
  - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
- Interesting #malware correlation 3: #smokeloader, #nanocore, and #keybase all access:
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass
- Interesting #malware correlation 4: new #smokeloader and #ursnif both access:
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\explorer.exe
- Interesting #malware correlation 5: new #smokeloader, #netwire, and #emotet all check:
  - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ElevateNonAdmins
- Interesting #malware correlation 6: #flawedammyy and #arsstealer both access:
  - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\SecurityCenter2
- Interesting #malware correlation 7: #loda and #darkcomet both check:
  - HKEY_CURRENT_USER\Control Panel\Mouse\SwapMouseButtons
- Interesting #malware correlation 8: #azorult v3 and #keybase both check:
  - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Environment
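The correlations above are useful as a triage aid once they are turned into a lookup that can be run over sandbox output. The following is an added example, not part of the original paste, that loads the eight shared indicators listed on this page, normalizes registry paths the way different sandboxes tend to render them (HKLM/HKCU abbreviations, ControlSet001 versus CurrentControlSet, case), and then scores each sample by how many distinct shared indicators each family explains. The log format (`sample|event|argument`) and the log lines are constructed for the example; any real sandbox will need its own parser feeding `correlate`.

```python
"""Correlate sandbox registry and User-Agent observations against the shared
indicators on this page. Added example with constructed input; the indicator
table itself is copied from the correlations above."""
from __future__ import annotations

import re
from collections import defaultdict

# Indicator -> families observed touching it (from the correlations above).
SHARED_REGISTRY_KEYS = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\LastRestoreId": {"keybase", "emotet", "ramnit"},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\FinalizerActivityBypass": {"smokeloader", "nanocore", "keybase"},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\explorer.exe": {"smokeloader", "ursnif"},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ElevateNonAdmins": {"smokeloader", "netwire", "emotet"},
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\SecurityCenter2": {"flawedammyy", "arsstealer"},
    r"HKEY_CURRENT_USER\Control Panel\Mouse\SwapMouseButtons": {"loda", "darkcomet"},
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc\Environment": {"azorult", "keybase"},
}
SHARED_USER_AGENTS = {
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)": {"arsstealer", "pony"},
}

# Hive spellings seen in different sandbox reports, folded to the long form.
_HIVES = {
    "HKLM": "HKEY_LOCAL_MACHINE", "HKEY_LOCAL_MACHINE": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER", "HKEY_CURRENT_USER": "HKEY_CURRENT_USER",
}


def normalize_key(path: str) -> str:
    """Canonical form: long hive name, ControlSetNNN folded to
    CurrentControlSet, everything lower-cased (the registry is case-insensitive)."""
    hive, _, rest = path.strip().partition("\\")
    hive = _HIVES.get(hive.upper(), hive.upper())
    rest = re.sub(r"(?i)^SYSTEM\\(?:ControlSet\d{3}|CurrentControlSet)\\",
                  r"SYSTEM\\CurrentControlSet\\", rest)
    return f"{hive}\\{rest}".lower()


_REG_LOOKUP = {normalize_key(k): fams for k, fams in SHARED_REGISTRY_KEYS.items()}

# Constructed sandbox log (not real data): one event per line, sample|event|argument.
SAMPLE_LOG = """\
a.exe|RegOpenKey|HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore\\LastRestoreId
a.exe|RegOpenKey|HKLM\\SOFTWARE\\Microsoft\\COM3\\FinalizerActivityBypass
a.exe|RegQueryValue|HKLM\\SYSTEM\\CurrentControlSet\\services\\VaultSvc\\Environment
a.exe|RegQueryValue|HKLM\\SYSTEM\\CurrentControlSet\\services\\VaultSvc\\Environment
b.exe|HttpRequest|Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
c.exe|RegOpenKey|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
"""


def correlate(log_text: str) -> dict[str, dict[str, int]]:
    """For each sample, count the distinct shared indicators each family explains.
    Repeated accesses to the same key count once; samples with no hit are omitted."""
    hits: dict[str, dict[str, set[str]]] = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        sample, event, arg = line.split("|", 2)
        if event.startswith("Reg"):
            key = normalize_key(arg)
            families = _REG_LOOKUP.get(key, set())
        elif event == "HttpRequest":
            key = arg.strip()
            families = SHARED_USER_AGENTS.get(key, set())
        else:
            continue
        for fam in families:
            hits[sample][fam].add(key)
    return {s: {f: len(keys) for f, keys in fams.items()} for s, fams in hits.items()}


def top_families(counts: dict[str, int]) -> list[str]:
    """Families ordered by number of matched indicators, ties broken by name."""
    return sorted(counts, key=lambda f: (-counts[f], f))


if __name__ == "__main__":
    for sample, counts in correlate(SAMPLE_LOG).items():
        print(sample, "->", ", ".join(f"{f}:{counts[f]}" for f in top_families(counts)))
```

A single shared key says little on its own (several of these are ordinary Windows keys that benign software also reads), which is why the scoring counts distinct indicators per family rather than treating any one hit as attribution: in the constructed log, `a.exe` touches three keys that all point at keybase while each other family explains only one.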