Hackers News / Hacker University
Virus alert provided by Hackers News
Name: Trojan.Reaver
Date issued: 2017.11.15 (Wed)
Type: Trojan
Risk level: Low (★☆☆☆☆)
Affected system: Windows
Main symptom: Performs malicious code activity
Infection Length:  Varies
Systems Affected:  Windows
Trojan.Reaver is a Trojan horse that may perform malicious activities on the compromised computer.

=====

Once executed, the Trojan creates the following files:
•%Temp%\winhelp.dat
•%Temp%\~Update.lnk
•%CommonProgramFiles%\Services\winhelp.dat
•%CommonProgramFiles%\Services\winhelp.cpl
•%AppData%\microsoft\mmc\winhelp.dat
•%AppData%\microsoft\mmc\winhelp.cpl
•%AppData%\Random_name\updata.log
•%AppData%\Random_name\sppsvc.exe
•%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\dwm.lnk
•%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\sppsvc.lnk

The Trojan creates the following registry entries:
•HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc\Parameters\"ServiceDll" = "%CommonProgramFiles%\Services\winhelp.cpl ""
•HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc\"DisplayName" = "Windows Multimedia Service"
•HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc\"Description" = "Windows Multimedia Service for media devices"

Next, the Trojan connects to the following remote location:
•[http://]www.fyoutside.com/DWM1UT98C6[REMOVED]

The Trojan then gathers the following information from the compromised computer:
•Computer name
•Processor speed
•IP Address
•Operating system version
•Memory information
•Volume serial number

The Trojan may then carry out the following actions on the compromised computer:
•Read, write, delete, and move files
•Create and end processes
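
The file and registry lists above can be turned into a host check. The following Python sketch is an added example, not part of the original alert or of any vendor tool: it matches an exported host inventory against those indicators, treating "Random_name" as a single arbitrary folder. The inventory layout, the `ENV` map and the sample paths are assumptions constructed for illustration.

```python
import ntpath
import re

# Indicators copied from the write-up above. "Random_name" is its placeholder for
# an arbitrary folder name, so it is matched as exactly one path segment.
STARTUP = r"%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup"
FILE_INDICATORS = [
    r"%Temp%\winhelp.dat", r"%Temp%\~Update.lnk",
    r"%CommonProgramFiles%\Services\winhelp.dat",
    r"%CommonProgramFiles%\Services\winhelp.cpl",
    r"%AppData%\microsoft\mmc\winhelp.dat", r"%AppData%\microsoft\mmc\winhelp.cpl",
    r"%AppData%\Random_name\updata.log", r"%AppData%\Random_name\sppsvc.exe",
    STARTUP + r"\dwm.lnk", STARTUP + r"\sppsvc.lnk",
]
SVC = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc"
REG_INDICATORS = {
    SVC + r"\Parameters\ServiceDll": r"%CommonProgramFiles%\Services\winhelp.cpl",
    SVC + r"\DisplayName": "Windows Multimedia Service",
    SVC + r"\Description": "Windows Multimedia Service for media devices",
}

def norm(value, env):
    """Trim quotes/space, expand %VAR% from env (lowercase keys), fold case and separators."""
    value = value.strip().strip('"').strip()
    value = re.sub(r"%([^%\\]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), value)
    return ntpath.normpath(value.replace("/", "\\")).lower()

def scan(inventory, env):
    """Return (kind, indicator, observed) tuples for one host's exported inventory."""
    hits = []
    patterns = [(ind, re.compile(re.escape(norm(ind, env)).replace("random_name", r"[^\\]+")))
                for ind in FILE_INDICATORS]
    for path in inventory.get("files", []):
        observed = norm(path, env)
        hits += [("file", ind, path) for ind, rx in patterns if rx.fullmatch(observed)]
    wanted = {k.lower(): (k, norm(v, env)) for k, v in REG_INDICATORS.items()}
    for name, data in inventory.get("registry", {}).items():
        ind, expected = wanted.get(name.lower(), (None, None))
        if ind and norm(data, env) == expected:
            hits.append(("registry", ind, data))
    return hits

# Constructed sample (hypothetical host, not real telemetry).
ENV = {"temp": r"C:\Users\kim\AppData\Local\Temp", "appdata": r"C:\Users\kim\AppData\Roaming",
       "commonprogramfiles": r"C:\Program Files\Common Files", "systemdrive": "C:"}
SAMPLE = {"files": [r"C:\Users\kim\AppData\Local\Temp\winhelp.dat",
                    r"C:\Users\kim\AppData\Roaming\Qx7f\sppsvc.exe",
                    "c:/program files/common files/services/WINHELP.CPL",
                    r"C:\Windows\System32\sppsvc.exe",           # legitimate Windows binary
                    r"C:\Users\kim\AppData\Roaming\a\b\sppsvc.exe"],  # two folders deep
          "registry": {SVC + r"\Parameters\ServiceDll": r'"%CommonProgramFiles%\Services\winhelp.cpl "',
                       SVC.lower() + r"\displayname": "Windows Multimedia Service",
                       SVC + r"\Description": "Some other description"}}
```

A hit on `sppsvc.exe` only counts under `%AppData%`, because a file of that name in `System32` is a normal Windows component.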
