Notes on decrypting a JVMTI-encrypted jar package during a real-world engagement
Common Information
Type Value
UUID 2ed17912-2434-48f1-b005-273070f95815
Fingerprint ee980639aa4ac41f
Analysis status DONE
Considered CTI value 0
Text language
Published June 20, 2024, midnight
Added to db Sept. 16, 2024, 3:28 p.m.
Last updated Nov. 18, 2024, 2:36 a.m.
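Headline Notes on decrypting a JVMTI-encrypted jar package during a real-world engagement
Title Notes on decrypting a JVMTI-encrypted jar package during a real-world engagement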
Detected Hints/Tags/Attributes 34/1/51
Source URLs
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 483 CN-SEC 中文网 https://cn-sec.com/feed/ 2024-08-30 22:08
Attributes