BKDR_BRAMBUL.TPR
Backdoor:Win32/Brambul.A (Microsoft)
Windows
Tipo di minaccia informatica:
Backdoor
Distruttivo?:
No
Crittografato?:
In the wild::
Sì
Panoramica e descrizione
Dettagli tecnici
Otras modificaciones del sistema
Agrega las siguientes entradas de registro:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
services\SharedAccess\Parameters\
FirewallPolicy\FirewallRules
TCP Query User{random}{malware path}\{malware name} = "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App={malware path}\{malware name}|Name={malware base name}|Desc={malware base name}|Defer=User|"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
services\SharedAccess\Parameters\
FirewallPolicy\FirewallRules
UDP Query User{random}{malware path}\{malware name} = "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App={malware path}\{malware name}|Name={malware base name}|Desc={malware base name}|Defer=User|"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
{malware path}\{malware name} = "{malware path}\{malware name}:*:Enabled:{malware base name}"