Update Malware analysis 26-08-19.md

StrangerealIntel 2019-09-05 01:47:29 +02:00 committed by GitHub
parent cbf448ddbd
commit 0a6d40e3dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -5,7 +5,7 @@
+ [Loader](#loader)
+ [JS Backdoor](#Backdoor)
* [Cyber Threat Intel](#Cyber-Threat-Intel)
+ [Origin of the method for the JS Backdoor](#Backdoor)
+ [Origin of the method for the JS Backdoor](#Origin)
+ [A army in perdition, an difficult situation](#Army)
+ [A war of misinformation](#War)
+ [The drone attack, a result of the information campaign ?](#Result)
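Review bot: The new table-of-contents target `#Origin` on the "Origin of the method for the JS Backdoor" entry is far more generic than its neighbours (`#Cyber-Threat-Intel`, `#Backdoor`) and will collide as soon as another "Origin of ..." section is added. A more specific name such as `#Origin-JS-Backdoor` would be safer, provided the heading's `<a name>` is changed to the same value. While this list is being touched, the unchanged entry `[A army in perdition, an difficult situation](#Army)` has its articles swapped ("An army ..., a difficult situation"), and the anchor casing is inconsistent between `#loader` and `#Backdoor`.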
@ -92,7 +92,7 @@
![alt text](https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/Israel/APT/Unknown/26-08-19/Images/cyber.PNG "")
## Cyber Threat Intel <a name="Cyber-Threat-Intel"></a>
### Origin of the method for the JS Backdoor <a name="Backdoor"></a>
### Origin of the method for the JS Backdoor <a name="Origin"></a>
###### Firstly, the method for load the JS Backdoor is edited from a post published in 2015 on a forum for show a method for the both architecture for the development of a worm.
![alt text](https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/Israel/APT/Unknown/26-08-19/Images/Post.PNG "")
###### We can see that the name of the instance is changed and the html tags are removed.If we add the notes from the malware analysis, we can conclude that the malware has been edited in emergency.
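Review bot: The paragraph under the renamed heading attributes the loading method to "a post published in 2015 on a forum", but the only evidence in these lines is the screenshot `Post.PNG`. Adding the post's URL or an archived copy next to the image would let readers verify the comparison themselves. In the last context line, `removed.If` is missing a space after the period, and the conclusion that the malware "has been edited in emergency" leans on "the notes from the malware analysis" without saying which section those notes are in; a link to that section would close the gap. Both images also keep the placeholder `alt text` with an empty title, so a short description of what each screenshot shows would be worth adding.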