Fareit Trojan Analysis and Prevention – 绿盟科技技术博客
Tags
| cmtmf-attack-pattern: | Code Injection |
| country: | China India |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Botnet - T1583.005 Botnet - T1584.005 Code Injection - T1540 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | df405beb-15a6-41cb-9e5c-3936526b0284 |
| Fingerprint | f09d3f2c61e2e648 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 13, 2015, 11:38 p.m. |
| Added to db | Jan. 18, 2023, 7:36 p.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | Fareit Trojan Analysis and Prevention |
| Title | Fareit Trojan Analysis and Prevention – 绿盟科技技术博客 |
| Detected Hints/Tags/Attributes | 78/4/46 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://blog.nsfocus.net/fareit-trojan-analysis-prevention/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 25 | blog.nsfocus.net |
|
| Details | Domain | 26 | weibo.com |
|
| Details | Domain | 2 | tekboss.xyz |
|
| Details | Domain | 1 | 32bitftp.in |
|
| Details | Domain | 2 | gate.ph |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 1 | sm.dat |
|
| Details | File | 1 | c:\documents and settings\administrator\application data\ghisler\wcx_ftp.ini |
|
| Details | File | 1 | c:\documents and settings\administrator\wcx_ftp.ini |
|
| Details | File | 1 | c:\windows\wcx_ftp.ini |
|
| Details | File | 1 | c:\documents and settings\all users\application data\ghisler\wcx_ftp.ini |
|
| Details | File | 1 | c:\documents and settings\administrator\local settings\application data\ghisler\wcx_ftp.ini |
|
| Details | File | 1 | c:\documents and settings\administrator\application data\globalscape\cuteftp\sm.dat |
|
| Details | File | 1 | c:\documents and settings\administrator\application data\globalscape\cuteftp pro\sm.dat |
|
| Details | File | 1 | c:\documents and settings\administrator\application data\globalscape\cuteftp lite\sm.dat |
|
| Details | File | 1 | c:\documents and settings\administrator\application data\cuteftp\sm.dat |
|
| Details | File | 1 | c:\documents and settings\all users\application data\globalscape\cuteftp\sm.dat |
|
| Details | File | 1 | c:\documents and settings\all users\application data\globalscape\cuteftp pro\sm.dat |
|
| Details | File | 1 | c:\documents and settings\all users\application data\globalscape\cuteftp lite\sm.dat |
|
| Details | File | 1 | c:\documents and settings\all users\application data\cuteftp\sm.dat |
|
| Details | File | 1 | c:\documents and settings\administrator\local settings\application data\globalscape\cuteftp\sm.dat |
|
| Details | File | 1 | c:\documents and settings\administrator\local settings\application data\globalscape\cuteftp pro\sm.dat |
|
| Details | File | 1 | c:\documents and settings\administrator\local settings\application data\globalscape\cuteftp lite\sm.dat |
|
| Details | File | 1 | c:\documents and settings\administrator\local settings\application data\cuteftp\sm.dat |
|
| Details | File | 1 | c:\program files\globalscape\cuteftp\sm.dat |
|
| Details | File | 1 | c:\program files\globalscape\cuteftp\setup\sm.dat |
|
| Details | File | 1 | c:\program files\globalscape\cuteftp\scripts\sm.dat |
|
| Details | File | 1 | c:\program files\globalscape\cuteftp pro\sm.dat |
|
| Details | File | 1 | c:\program files\globalscape\cuteftp lite\sm.dat |
|
| Details | File | 1 | c:\program files\cuteftp\sm.dat |
|
| Details | File | 1 | c:\documents and settings\administrator\application data\flashfxp\3\sites.dat |
|
| Details | File | 1 | c:\documents and settings\administrator\application data\flashfxp\4\sites.dat |
|
| Details | File | 1 | c:\documents and settings\administrator\application data\flashfxp\4\history.dat |
|
| Details | File | 1 | c:\documents and settings\administrator\application data\filezilla\sitemanager.xml |
|
| Details | File | 1 | c:\documents and settings\administrator\local settings\application data\filezilla\recentservers.xml |
|
| Details | File | 1 | c:\documents and settings\administrator\application data\expandrive\drives.js |
|
| Details | File | 1 | c:\documents and settings\administrator\application data\sharedsettings.sql |
|
| Details | File | 2 | c:\users\john\appdata\local\temp\4719217.bat |
|
| Details | File | 2 | c:\users\john\desktop\123\123.exe |
|
| Details | File | 3 | advapi32.reg |
|
| Details | IPv4 | 2 | 198.105.221.5 |
|
| Details | Url | 4 | http://blog.nsfocus.net |
|
| Details | Url | 3 | http://weibo.com/threatresponse |
|
| Details | Url | 1 | http://tekboss.xyz |
|
| Details | Url | 1 | http://tekboss.xyz/ponnie/gate.ph |
|
| Details | Windows Registry Key | 14 | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall |