HackTool.PS1.SHARPHOUND.G
PowerShell/RiskWare.BloodHound.F application (NOD32)
Windows
Type de grayware:
Hacking Tool
Destructif:
Non
Chiffrement:
In the wild::
Oui
Overview
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Détails techniques
Übertragungsdetails
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Andere Details
Es macht Folgendes:
- It accepts the following commands and actions:
- -c, --collectionmethods → Container, Group, LocalGroup, GPOLocalGroup, Session, LoggedOn, ObjectProps, ACL, ComputerOnly, Trusts, Default, RDP, DCOM, DCOnly, UserRights, CARegistry, DCRegistry, CertServices
- -d, --domain → Specify domain to enumerate
- -s, --searchforest → Search all available domains in the forest
- --stealth → Stealth Collection
- -f → Add an LDAP filter to the pregenerated filter
- --distinguishedname → Base DistinguishedName to start the LDAP search
- --computerfile → Path to file containing computer names to enumerate
- --outputdirectory → Directory to output file
- --outputprefix → String to prepend to output file names
- --cachename → Filename for cache (Defaults to a machine specific identifier)
- --memcache → Keep cache in memory and don't write to disk
- --rebuildcache → Rebuild cache and remove all entries
- --randomfilenames → Use random filenames for output
- --zipfilename → Filename for the zip
- --nozip → Don't zip files
- --trackcomputercalls → Adds a CSV tracking requests to computers
- --zippassword → Password protects the zip with the specified password
- --prettyprint → Pretty print JSON
- --ldapusername → Username for LDAP
- --ldappassword → Password for LDAP
- --domaincontroller → Override domain controller to pull LDAP
- --ldapport → Override port for LDAP
- --secureldap → Connect to LDAP SSL instead of regular LDAP
- --disablecertverification → Disable certificate verification for secure LDAP
- --disablesigning → Disables Kerberos Signing/Sealing
- --skipportcheck → Skip checking if 445 is open
- --portchecktimeout → Timeout for port checks in milliseconds
- --skippasswordcheck → Skip PwdLastSet age check when checking computers
- --excludedcs → Exclude domain controllers from session/localgroup enumeration
- --throttle → Add a delay after computer requests in milliseconds
- --jitter → Add jitter to throttle
- --threads → Number of threads to run enumeration with
- --skipregistryloggedon → Skip registry session enumeration
- --overrideusername → Override the username to filter for NetSessionEnum
- --realdnsname → Override DNS suffix for API calls
- --collectallproperties → Collect all LDAP properties from objects
- -l, --Loop → Loop computer collection
- --loopduration → Loop duration
- --loopinterval → Add delay between loops
- --statusinterval → Interval in which to display status in milliseconds
- --localadminsessionenum → Specify if to use a dedicated LOCAL user for session enumeration
- --localadminusername → Specify the username of the localadmin for session enumeration
- --localadminpassword → Specify the password of the localadmin for session enumeration
- -v → Enable verbose output
- --help → Display help screen
- --version → Display version information
Solutions
Step 1
Für Windows ME und XP Benutzer: Stellen Sie vor einer Suche sicher, dass die Systemwiederherstellung deaktiviert ist, damit der gesamte Computer durchsucht werden kann.
Step 2
Durchsuchen Sie Ihren Computer mit Ihrem Trend Micro Produkt, und löschen Sie Dateien, die als HackTool.PS1.SHARPHOUND.G entdeckt werden. Falls die entdeckten Dateien bereits von Ihrem Trend Micro Produkt gesäubert, gelöscht oder in Quarantäne verschoben wurden, sind keine weiteren Schritte erforderlich. Dateien in Quarantäne können einfach gelöscht werden. Auf dieser Knowledge-Base-Seite finden Sie weitere Informationen.
Participez à notre enquête!