
Although VMware already released a patch for its Horizon servers in December, many users have not yet updated their systems, leaving them at risk of a Log4j exploit attack.

Analyzing the ASD log for the infected system shows that, before the Lazarus group installed NukeSped, other attackers had already exploited the vulnerability to install Jin Miner. Jin Miner is known as a malware strain distributed through the Log4Shell vulnerability, as shown in the previous Sophos report.

The attacker collected additional information by using the backdoor malware NukeSped to send command line commands. The following commands show the basic network and domain information of the environment that contains the infected system. The collected information can be used later in lateral movement attacks.

cmd.exe “net group “domain admins” /domain”

If the attack succeeds, the attacker can dominate the systems within the domain.

net user _smuser
cmd.exe “net localgroup administrators /add smi140199”

The list of software and data targeted for information leakage is as follows:

Targeted Software: Google Chrome, Mozilla Firefox, Internet Explorer, Opera, and Naver Whale
Collected Data: accounts and passwords saved in browsers, browser history

Targeted Software: Outlook Express, MS Office Outlook, and Windows Live Mail
Collected Data: email account information

Targeted Software: MS Office (PowerPoint, Excel, and Word) and Hancom 2010
Collected Data: names of recently used files

Jin Miner (MD5, alias, and engine version)
InfoStealer (MD5, alias, and engine version)
NukeSped (MD5, alias, and engine version)
– dd4b8a2dc73a29bc7a598148eb8606bb (Unwanted/353938) (2020.10.27.
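The discovery and account-manipulation commands quoted above are exactly what a detection engineer would hunt for in process-creation telemetry. The following is an added example, not code from the original report: it runs three rules over constructed sample events (the log format, host name, timestamps and the parent image path are all assumptions) and flags the `net group`/`net localgroup` commands outright, while flagging plain `net user` only when it is spawned by the web service process rather than by an interactive shell.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample events (not from the report): "<timestamp>|<host>|<parent image>|<command line>".
# The parent path and host name are placeholders chosen for this example.
SAMPLE_EVENTS = """\
2022-05-19T03:12:01Z|HOST-A|C:\\ASSUMED\\horizon_web_service.exe|cmd.exe "net group "domain admins" /domain"
2022-05-19T03:12:07Z|HOST-A|C:\\ASSUMED\\horizon_web_service.exe|cmd.exe "net localgroup administrators /add smi140199"
2022-05-19T03:12:09Z|HOST-A|C:\\ASSUMED\\horizon_web_service.exe|net user _smuser
2022-05-19T08:00:00Z|HOST-B|C:\\Windows\\explorer.exe|net user
2022-05-19T08:05:00Z|HOST-B|C:\\Windows\\explorer.exe|ipconfig /all
"""

# Rules match the normalized command line (quotes stripped, whitespace collapsed, lower-cased),
# so the nested quoting seen in the observed commands does not defeat the match.
RULES = [
    ("domain_admin_enumeration", re.compile(r"\bnet\s+group\s+domain admins\s+/domain\b")),
    ("local_admin_group_add", re.compile(r"\bnet\s+localgroup\s+administrators\s+/add\b")),
    ("net_user_from_web_service", re.compile(r"\bnet\s+user\b")),
]


def normalize(cmdline: str) -> str:
    """Drop quote characters, collapse whitespace and lower-case the command line."""
    return re.sub(r"\s+", " ", cmdline.replace('"', "").replace("'", "")).strip().lower()


def parse_events(text: str) -> List[Dict[str, str]]:
    """Split the pipe-delimited sample format into event dicts."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, host, parent, cmd = line.split("|", 3)
            events.append({"ts": ts, "host": host, "parent": parent, "cmd": cmd})
    return events


def detect(events: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, host, rule) for every event that matches a rule.

    Plain 'net user' is legitimate from an interactive shell, so that rule only fires
    when the parent is the (assumed) web service process, which should never run it."""
    hits = []
    for ev in events:
        cmd = normalize(ev["cmd"])
        parent_is_web = "horizon_web_service" in ev["parent"].lower()
        for name, rx in RULES:
            if rx.search(cmd) and (name != "net_user_from_web_service" or parent_is_web):
                hits.append((ev["ts"], ev["host"], name))
    return hits
```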