The Path to Mastering Reverse Engineering: Flare-on 5th Write-Up – NSFOCUS Technology Blog
Common Information
Type Value
UUID b3aaa03e-ca73-4120-bc79-06f338133bc1
Fingerprint 8a009a396a4d12a1
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 1, 2018, 11:47 a.m.
Added to db Jan. 18, 2023, 7:36 p.m.
Last updated Nov. 18, 2024, 2:36 a.m.
Headline The Path to Mastering Reverse Engineering: Flare-on 5th Write-Up
Title The Path to Mastering Reverse Engineering: Flare-on 5th Write-Up – NSFOCUS Technology Blog
Detected Hints/Tags/Attributes 35/1/63
Attributes
Type | #Events | Value
Domain | 28 | flare-on.com
Domain | 1 | getflag.py
Domain | 3 | telemetry.mozilla.org
Domain | 8 | safebrowsing.google.com
Domain | 1 | services.mozilla.com
Domain | 4 | array.prototype.slice.call
Domain | 46 | ld-linux-x86-64.so
Domain | 8 | bbs.pediy.com
Domain | 180 | readme.md
Domain | 30 | blog.csdn.net
Domain | 4128 | github.com
Email | 1 | goldenticket2018@flare-on.com
Email | 1 | mor3_awes0m3_th4n_an_awes0me_p0ssum@flare-on.com
Email | 2 | wasm_rulez_js_droolz@flare-on.com
Email | 2 | p0rt_kn0ck1ng_0n_he4v3ns_d00r@flare-on.com
Email | 2 | r3_phd@flare-on.com
Email | 2 | scr1pt1ng_sl4ck1ng_and_h4ck1ng@flare-on.com
Email | 2 | we4r_ur_v1s0r_w1th_fl4r3@flare-on.com
Email | 1 | (known part of the flag)@flare-on.com
File | 1 | 1bpngjhot7h5vvzsv4vissb60xj3px5g.exe
File | 1 | getflag.py
File | 37 | 1.dll
File | 1 | the DLL checks whether the process it is injected into is firefox.exe
File | 2 | model.pas
File | 4 | controller.js
File | 2 | model.js
File | 4 | view.js
File | 74 | main.js
File | 1 | analysis of the HTML code shows that it calls main.js
File | 365 | console.log
File | 1 | the content loaded here is referred to as s0.dll
File | 1 | loads crackme.dll
File | 1 | hijacks the execution flow of worldofwarcraft to crackme.dll
File | 1 | looks up crackme.dll
File | 2 | crackme.dll
File | 1 | doogie.bin
File | 2 | leet_editr.exe
File | 1 | decrypting with the following code yields crouching_vbs_hidden_title.asm
File | 1 | crouching_vbs_hidden_title.asm
File | 1 | for crouching_vbs_hidden_title.asm
File | 1 | textin is contained in crouching_vbs_hidden_title.asm
File | 2 | golf.exe
File | 1 | thread-144656.htm
File | 1 | uses the exe to encrypt level9.zip
File | 7 | cryptor.exe
File | 1 | decrypting the data with the following code yields level9.zip
File | 1 | the level9.png inside it
File | 32 | blog.cs
File | 6 | tmp.dat
File | 9 | key.dat
File | 2 | message.dat
File | 1 | mswin41.asm
File | 1 | executes autoexec.bat
File | 3 | infohelp.exe
File | 1 | writes key.dat
File | 1 | reads message.dat
Github username | 1 | angea
sha1 | 1 | 0d9c0c6c6a7f6b7189ce4758d112c25e48effe87
Url | 1 | https://bbs.pediy.com/thread-144656.htm
Url | 1 | http://wiki.flare.fireeye.com:8081/flareprojects, http://wiki.flare.fireeye.com:8081/flareon2018 and http://wiki.flare.fireeye.com:8081/flareon2018challenge9
Url | 1 | https://blog.csdn.net/guzhou_diaoke/article/details/8436037
Url | 1 | https://github.com/angea/corkami/blob/master/misc/mbr/mswin41.asm
Windows Registry Key | 26 | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows