Kaspersky_Lab_crouching_yeti_appendixes_eng_final

01.08.2014

50

• Sets up the crypto key infrastructure, with the keys stored in the registry (valid for both variants)

Keys (stored in "Software\Microsoft\Internet Explorer\InternetRegistry\SNLD")

('prv') - private key, used to decrypt incoming C2 communication


('pubm') - public key, used to encrypt outgoing C2 communication


('pub') - public key, used to encrypt files


AGTwRec:

Gathers victim information and stores it in an encrypted XML-like file in %TEMP%

TLP: Green

For any inquiries please contact intelreports@kaspersky.com
