HackTool.Win64.GhostCert.A
Win64:Evo-gen [Trj](AVAST)
Windows
Tipo di minaccia informatica:
Hacking Tool
Distruttivo?:
No
Crittografato?:
In the wild::
Sì
Panoramica e descrizione
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Dettagli tecnici
Detalles de entrada
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Otros detalles
Hace lo siguiente:
- It is a tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS).
- It can find information about all registered CAs.
- It can find all enabled certificate templates.
- It can find vulnerable/abusable certificate templates using default low-privileged groups
- It can find enabled certificate templates where ENROLLEE_SUPPLIES_SUBJECT is enabled
- It can find enabled certificate templates capable of client authentication
- It can find all enabled certificate templates, display all of their permissions.
- It can find all enabled certificate templates and output to a json file.
- It can Enumerate access control information for PKI objects
- It can request a new certificate using the current user context
- It can request a new certificate using the current machine context
- It can request a new certificate using the current user context but for an alternate name (if supported)
- It can request a new certificate on behalf of another user, using an enrollment agent certificate
- It can download an already requested certificate
- It can query LDAP in order to list templates which allow domain users to enroll.
- It can discover certificates that allow Client Authentication
- It can enroll certificate to a User
- It can enroll Domain Users Rights
- It can show Enterprise CA Information
- It could request certificates for the machine account by executing this tool with the “/machine” argument from an elevated command prompt. This could allow authentication to be performed as the machine account.
Soluzioni
Step 2
Los usuarios de Windows ME y XP, antes de llevar a cabo cualquier exploración, deben comprobar que tienen desactivada la opción Restaurar sistema para permitir la exploración completa del equipo.
Step 3
Explorar el equipo con su producto de Trend Micro para eliminar los archivos detectados como HackTool.Win64.GhostCert.A En caso de que el producto de Trend Micro ya haya limpiado, eliminado o puesto en cuarentena los archivos detectados, no serán necesarios más pasos. Puede optar simplemente por eliminar los archivos en cuarentena. Consulte esta página de Base de conocimientos para obtener más información.
Sondaggio