HID simulation for DRAKVUF
Common Information
Type Value
UUID 337f47b4-79a3-43b8-9708-f672591df6de
Fingerprint 28a21a3e0d77a690
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 20, 2021, midnight
Added to db Aug. 31, 2024, 1:44 a.m.
Last updated Dec. 25, 2024, 2:36 a.m.
Headline Overview
Title HID simulation for DRAKVUF
Detected Hints/Tags/Attributes 49/1/36
RSS Feed
Id   Enabled   Feed title    Url                          Added to db
81             CERT Polska   https://cert.pl/en/rss.xml   2024-08-30 22:08
Attributes
Type              #Events   Value
Domain            2         summerofcode.withgoogle.com
Domain            4722      github.com
Domain            76        www.rapid7.com
Domain            2         wiki.qemu.org
Domain            1         qemu-project.gitlab.io
Domain            4         volatility-labs.blogspot.com
Domain            2         moyix.blogspot.com
File              313       user32.dll
File              2         mouclass.sys
File              1         events.bin
File              122       win32k.sys
File              1         isf-file.json
File              1         win32k-isf-file.json
File              1         human.py
File              1         qemu-qmp-ref.html
File              1         movp-43-taking-screenshots-from-memory.html
File              1         using-volatility-for-introspection.html
Github username   1         tklengyel
Github username   4         cuckoosandbox
Github username   1         changeofpace
Url               1         https://summerofcode.withgoogle.com/projects/#6703931754807296
Url               1         https://github.com/tklengyel/drakvuf/pull/1229
Url               1         https://github.com/tklengyel/drakvuf/pull/1231
Url               1         https://github.com/tklengyel/drakvuf/pull/1238
Url               1         https://github.com/tklengyel/drakvuf/pull/1255
Url               1         https://github.com/tklengyel/drakvuf/pull/1256
Url               1         https://github.com/tklengyel/drakvuf/pull/1257
Url               1         https://github.com/tklengyel/drakvuf/pull/1287
Url               1         https://www.rapid7.com/blog/post/2013/04/16/fooling-malware-like-a-boss-with-cuckoo-sandbox
Url               1         https://github.com/cuckoosandbox/cuckoo/blob/master/cuckoo/data/analyzer/windows/modules/auxiliary/human.py
Url               1         https://docs.microsoft.com/en-us/windows-hardware/drivers/install/overview-of-device-interface-classes
Url               1         https://github.com/changeofpace/mouclassinputinjection
Url               1         https://wiki.qemu.org/documentation/qmp
Url               1         https://qemu-project.gitlab.io/qemu/interop/qemu-qmp-ref.html#qapidoc
Url               1         https://volatility-labs.blogspot.com/2012/10/movp-43-taking-screenshots-from-memory.html
Url               1         http://moyix.blogspot.com/2009/03/using-volatility-for-introspection.html