ASERT Threat Intelligence Report 2016-03: The Four-Element Sword Engagement
SHA-256 (maindll.dll): 5838582ea26312cc60b43da555189b439d3688597a705e3a52dc4d935517f69d
SHA-256 (nvsvc.exe): ec05e37230e6534fa148b8e022f797ad0afe80f699fbd222a46672118663cf00
SHA-256 (runas.exe): 5b34b3365eb6a6c700b391172849a2668d66a167669018ae3b9555bc2d1e54ab
File creation: conhost.log
File creation: keylog
File creation: srvlic.dll
File creation: up.dat
File creation: xx1.tmp
File creation: xx2.tmp
File creation: xx3.tmp
File creation: xx4.tmp
File creation: xx5.tmp
File creation: xx6.tmp
Targeted Exploitation #10: PlugX, Tibetan theme
The original filename is HUMAN RIGHTS SITUATION IN TIBET.doc.
The bait file was originally horizontal but has been rotated for the sake of readability. It consists of the first two pages, apparently from a document published by the Tibetan Center for Human Rights and Democracy called “HUMAN RIGHTS SITUATION IN TIBET”.
The metadata for the Word bait file shows a February 2016 timeframe and the user “member0975”.
Proprietary and Confidential Information of Arbor Networks, Inc.