Kaspersky_Lab_crouching_yeti_appendixes_eng_final
50
• Sets up the crypto key infrastructure, with the keys stored in the registry (valid for both variants)
Keys (stored under "Software\Microsoft\Internet Explorer\InternetRegistry\SNLD"):
('prv') - used to decrypt incoming C2 communication
db 'AATnkDHDlO+cOi/6zqUVoaA2DfbTyIoP8y1+Q5MxLfimzeQFgJvk/mdHDjghFl5p2'
db 'naTmm9y6IAQ2JZpTFhW1WVqC6a8sipU62zO94YwwqtThm+0citlfP4NyEm79c9Qok'
db '0S4wG9+87/9FPLbZG9h0DNBTjWDqyoyQP6Hy7r0ty/nwAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAQABpCpH/X6TONDPvyHNS76gFHJl8NMVfiVKtV829QDAbZE9/O'
db 'CmpPvvQCLGjD6NhMIKmq48INzQHiFO0Sv83OLA18pc18oIfDBtkyBnZRoaIrw3+tn'
db 'sLwpEtYRtJ3axE4lT8ZBZ6Zu0EPXjqPkqbxH1RqF4pjBx1Rj15Ky/h1J+CwH0Ftmu'
db 'gRGp/CISiQDvB3kDRFjp42s0xOyce8jhmSNH5+E2PM3cXqCknRdIf6ZDRO2alMdds'
db 'TJhPV0S7hl+LNbB8tzetjZ6zRsZL46NGcj2p6bfQ1jMrgwPWI1Run8uin/YjnTyHp'
db 'ecKai3AWGFHo8SR5dJkFpHb07R1wmlMZqOXyVqc0fapRiHe7mXorsBTD2B9pczszV'
db 'Nkm+SUgKy9MOK+ezUeUH0h290XSNR3eyl3j453C2ygeSCAYhrUyESQoGQgF57KDs0'
db '4pS/uR+3Yd1wr1dUKPfP7xkKZTtlrdqxSZQ+XtLY5PhjySDqT233WsVTl26L10t9r'
db 'PYp7nE97Godz8DXn8HfCsqRvYwdwfrOD3cpAnBL2u6gU/G5Cvw47QyiCF96iMMPuW'
db 'Vq25/xLj9Zc+aWMtS9+jVKxnlnvdaxIQ==',0
('pubm') - used to encrypt outgoing C2 communication
db 'AAStvhUWRdUCbz2jXG52xG6OXgtHxG9Qd/ckNJ2tQHZAfxDI/H3lmxy2JXILgri/h'
db 'pf0taVjAbfsohMc+aBndaYkQa73k/WPXvi8lFFCbKBBGVfj7xo4CmiEC5blZCHDNt'
db 'E6poNeUFKddcXXQAeGOwcvQmVHSxQn+uHIS+VqetyEaQAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAQAB',0
('pub') - used to encrypt files
db 'AATnkDHDlO+cOi/6zqUVoaA2DfbTyIoP8y1+Q5MxLfimzeQFgJvk/mdHDjghFl5p2'
db 'naTmm9y6IAQ2JZpTFhW1WVqC6a8sipU62zO94YwwqtThm+0citlfP4NyEm79c9Qok'
db '0S4wG9+87/9FPLbZG9h0DNBTjWDqyoyQP6Hy7r0ty/nwAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
db 'AAAAAAAAAAAAAAAAQAB',0
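Two things about these blobs are worth checking rather than eyeballing: they are plain base64, and the 'pub' blob is byte-for-byte the leading part of 'prv' (compare the first six db lines of each), so the 'prv' value embeds the public key used for files; both public blobs also end in the base64 group "AQAB", i.e. the bytes 01 00 01. The script below is an added example written for this page, not code from the Kaspersky report or from the malware itself. It re-assembles the three values as printed above (the two all-'A' lines of each blob are generated rather than retyped), strictly decodes them, reports sizes and first/last bytes, and tests the prefix relation. It can also pull the same value names from the SNLD key on a live Windows host via winreg; the appendix does not say which hive the key lives under, so querying both HKCU and HKLM, and treating the values as base64 text (REG_BINARY data is decoded as ASCII first), are assumptions of this example.

```python
"""Triage helper for the SNLD registry key listed in the appendix.

Added example, not code from the report or the malware. The blobs below are
the 'prv', 'pubm' and 'pub' values printed above; the 65-character runs of
'A' are generated instead of retyped.
"""
import base64
import binascii

SNLD_SUBKEY = r"Software\Microsoft\Internet Explorer\InternetRegistry\SNLD"
EXPECTED_VALUES = ("prv", "pubm", "pub")
ZERO_RUN = "A" * 65  # one all-'A' line of the listing

# 'pub' blob as printed in the appendix (used to encrypt files).
PUB = (
    "AATnkDHDlO+cOi/6zqUVoaA2DfbTyIoP8y1+Q5MxLfimzeQFgJvk/mdHDjghFl5p2"
    "naTmm9y6IAQ2JZpTFhW1WVqC6a8sipU62zO94YwwqtThm+0citlfP4NyEm79c9Qok"
    "0S4wG9+87/9FPLbZG9h0DNBTjWDqyoyQP6Hy7r0ty/nwAAAAAAAAAAAAAAAAAAAAA"
    + ZERO_RUN + ZERO_RUN +
    "AAAAAAAAAAAAAAAAQAB"
)

# 'pubm' blob as printed in the appendix (used to encrypt outgoing C2 traffic).
PUBM = (
    "AAStvhUWRdUCbz2jXG52xG6OXgtHxG9Qd/ckNJ2tQHZAfxDI/H3lmxy2JXILgri/h"
    "pf0taVjAbfsohMc+aBndaYkQa73k/WPXvi8lFFCbKBBGVfj7xo4CmiEC5blZCHDNt"
    "E6poNeUFKddcXXQAeGOwcvQmVHSxQn+uHIS+VqetyEaQAAAAAAAAAAAAAAAAAAAAA"
    + ZERO_RUN + ZERO_RUN +
    "AAAAAAAAAAAAAAAAQAB"
)

# 'prv' blob as printed in the appendix (used to decrypt incoming C2 traffic),
# written out in full so the prefix check below is a real comparison.
PRV = (
    "AATnkDHDlO+cOi/6zqUVoaA2DfbTyIoP8y1+Q5MxLfimzeQFgJvk/mdHDjghFl5p2"
    "naTmm9y6IAQ2JZpTFhW1WVqC6a8sipU62zO94YwwqtThm+0citlfP4NyEm79c9Qok"
    "0S4wG9+87/9FPLbZG9h0DNBTjWDqyoyQP6Hy7r0ty/nwAAAAAAAAAAAAAAAAAAAAA"
    + ZERO_RUN + ZERO_RUN +
    "AAAAAAAAAAAAAAAAQABpCpH/X6TONDPvyHNS76gFHJl8NMVfiVKtV829QDAbZE9/O"
    "CmpPvvQCLGjD6NhMIKmq48INzQHiFO0Sv83OLA18pc18oIfDBtkyBnZRoaIrw3+tn"
    "sLwpEtYRtJ3axE4lT8ZBZ6Zu0EPXjqPkqbxH1RqF4pjBx1Rj15Ky/h1J+CwH0Ftmu"
    "gRGp/CISiQDvB3kDRFjp42s0xOyce8jhmSNH5+E2PM3cXqCknRdIf6ZDRO2alMdds"
    "TJhPV0S7hl+LNbB8tzetjZ6zRsZL46NGcj2p6bfQ1jMrgwPWI1Run8uin/YjnTyHp"
    "ecKai3AWGFHo8SR5dJkFpHb07R1wmlMZqOXyVqc0fapRiHe7mXorsBTD2B9pczszV"
    "Nkm+SUgKy9MOK+ezUeUH0h290XSNR3eyl3j453C2ygeSCAYhrUyESQoGQgF57KDs0"
    "4pS/uR+3Yd1wr1dUKPfP7xkKZTtlrdqxSZQ+XtLY5PhjySDqT233WsVTl26L10t9r"
    "PYp7nE97Godz8DXn8HfCsqRvYwdwfrOD3cpAnBL2u6gU/G5Cvw47QyiCF96iMMPuW"
    "Vq25/xLj9Zc+aWMtS9+jVKxnlnvdaxIQ=="
)

# Constructed stand-in for what a registry dump of the SNLD key would return.
SAMPLE_SNLD = {"prv": PRV, "pubm": PUBM, "pub": PUB}


def decode_blob(text):
    """Strict base64 decode; returns None if the value is not valid base64."""
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None


def analyse_snld(values):
    """Sanity-check a {value_name: base64 str or bytes} mapping from the SNLD key.

    Returns per-value decoded size and first/last bytes, the names that are
    missing or not valid base64, and whether 'pub' is a byte prefix of 'prv'.
    """
    report = {"missing": [], "invalid": []}
    blobs = {}
    for name in EXPECTED_VALUES:
        raw = values.get(name)
        if raw is None:
            report["missing"].append(name)
            continue
        if isinstance(raw, bytes):  # assumption: REG_BINARY holding ASCII base64
            raw = raw.decode("ascii", "replace")
        data = decode_blob(raw.strip())
        if data is None:
            report["invalid"].append(name)
            continue
        blobs[name] = data
        report[name] = {"size": len(data),
                        "head_hex": data[:4].hex(),
                        "tail_hex": data[-3:].hex()}
    report["pub_embedded_in_prv"] = (
        "pub" in blobs and "prv" in blobs and blobs["prv"].startswith(blobs["pub"])
    )
    return report


def read_snld_values():
    """Read the three value names from a live Windows host; {} elsewhere.

    Assumption: the key may sit under HKCU or HKLM (the appendix does not say).
    """
    try:
        import winreg
    except ImportError:
        return {}
    found = {}
    for root in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            with winreg.OpenKey(root, SNLD_SUBKEY) as key:
                for name in EXPECTED_VALUES:
                    try:
                        found[name], _ = winreg.QueryValueEx(key, name)
                    except OSError:
                        pass
        except OSError:
            continue
    return found


if __name__ == "__main__":
    live = read_snld_values()
    print(analyse_snld(live if live else SAMPLE_SNLD))
```

Run on a Windows host it reports whatever is under the SNLD key; anywhere else it falls back to the appendix blobs, for which 'pub' and 'pubm' decode to 258 bytes each, 'prv' to 706 bytes, and the prefix check is true.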
AGTwRec:
Gathers victim information and stores it in an encrypted XML-like file in %TEMP%
TLP: Green
For any inquiries please contact intelreports@kaspersky.com