淡淡体味 posted on 2012-12-13 08:04

火眼 (Fireeye) V2.2.0 α released: added HTML, JS and VBS sample analysis + enhanced parsing of six behaviour classes

I. 12.12.12: the long-awaited script analysis is finally here! HTML, JS and VBS, come and be the first to try it~!
http://img.bbs.duba.net/forum/201212/12/182513n86s69e5en95v656.png

http://img.bbs.duba.net/forum/201212/12/1825122gf8g77f7gwima1r.png

http://img.bbs.duba.net/forum/201212/12/182513bglvlvhv1jjb1vlo.png

For details, see the 火眼 site:
HTML: http://fireeye.ijinshan.com/analyse.html?md5=92037d35a4d1a3ca5341a5eb0f21fda8&type=1#full
JS:   http://fireeye.ijinshan.com/analyse.html?md5=30088199a7aeeacbba1b9302c94a5c14&type=1#full
VBS:  http://fireeye.ijinshan.com/analyse.html?md5=1c68f92adbdb07c714d3aed0b3f0f34f&type=1#full




II. Six newly added behaviour analyses!

1. Enhanced detection of remote injection that replaces a process
   http://fireeye.ijinshan.com/analyse.html?md5=a6494e656c7bf5142d77ad517e77e0d6&type=1#full
   http://img.bbs.duba.net/forum/201212/12/192007qhind4k3vdpggn54.png

2. New: detection of handle-duplication behaviour
   http://fireeye.ijinshan.com/analyse.html?md5=4efcf91ddb568bff472e2a192e493f30&type=1#full
   http://img.bbs.duba.net/forum/201212/12/191042pbn4xx8xnp8rn34j.png

3. New: detection of using desktop.ini to disguise a folder as a system folder
   http://fireeye.ijinshan.com/analyse.html?md5=bdac4f325010e06281f411fba7537e08&type=1#full
   http://img.bbs.duba.net/forum/201212/12/191043f15gqgq37czdr991.png

4. New: detection of attempts to open a driver device object
   http://fireeye.ijinshan.com/analyse.html?md5=3eebd0b18e6f4848d018c99644e2cc84&type=1#full
   http://fireeye.ijinshan.com/analyse.html?md5=1e124f6cc981c4022cf9a646b640727a&type=1#full
   http://img.bbs.duba.net/forum/201212/12/191043obabyxl5loyzyy49.png

5. Enhanced detection of kernel module enumeration
   http://fireeye.ijinshan.com/analyse.html?md5=1e124f6cc981c4022cf9a646b640727a&type=1#full
   http://fireeye.ijinshan.com/analyse.html?md5=4edb620e55b1e3dbf99b043c49a52de6&type=1#full
   http://img.bbs.duba.net/forum/201212/12/191043wqm8s82gfkkkb9wv.png

6. Enhanced detection of the hacktool class (RAT controllers / DDoS tools / other hacking tools)
   http://fireeye.ijinshan.com/analyse.html?md5=a4721142877148ed056f54a495654ee5&type=1#full
   http://fireeye.ijinshan.com/analyse.html?md5=e4db4c88b671d8797f5add9b36ce2c7a&type=1#full
   http://img.bbs.duba.net/forum/201212/12/191044zbubni6phpgdz0n2.png



III. Bug fixes

Fixed a backend pipeline bug triggered by some samples.
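Item 3 above names the desktop.ini system-folder disguise without showing what the sandbox is looking at. As an added example (not code from the post or from the 火眼 sandbox), here is a small offline checker in the shape such a behaviour rule takes: it parses the `[.ShellClassInfo]` section of a desktop.ini that a sample has written and flags the two indicators that make an ordinary directory render as a Windows system object. The CLSID table is deliberately limited to two well-known shell GUIDs; the sample desktop.ini contents are constructed for the example.

```python
import configparser
import re
from typing import Dict, List

# Shell CLSIDs that Explorer renders as built-in system objects. Pointing an
# ordinary directory at one of these via desktop.ini makes it look like, and
# open as, that object, so whatever the sample dropped inside is never listed.
# Assumption: a production rule would carry a fuller table than these two.
SYSTEM_FOLDER_CLSIDS = {
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": "My Computer",
    "{645FF040-5081-101B-9F08-00AA002F954E}": "Recycle Bin",
}

# LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-NNNN borrows the
# display name of a genuine Windows folder from the shell's string table.
_SYSTEM_NAME_RESOURCE = re.compile(
    r"^@?%systemroot%\\system32\\(shell32|windows\.storage)\.dll,-\d+$",
    re.IGNORECASE,
)


def parse_shell_class_info(text: str) -> Dict[str, str]:
    """Return the [.ShellClassInfo] section of a desktop.ini, keys lowercased.

    Interpolation is disabled because values legitimately contain '%SystemRoot%'.
    Anything that is not parseable INI is treated as 'no shell metadata'.
    """
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    try:
        parser.read_string(text)
    except configparser.Error:
        return {}
    for section in parser.sections():
        if section.lower() == ".shellclassinfo":
            return {key: value.strip() for key, value in parser.items(section)}
    return {}


def analyse_desktop_ini(text: str) -> List[str]:
    """Return findings for a desktop.ini written by a sample.

    An empty list means the file carries no system-folder disguise indicator.
    """
    info = parse_shell_class_info(text)
    findings: List[str] = []
    # CLSID/CLSID2 redirection is the strong indicator: Explorer opens the
    # folder as the referenced shell object instead of listing its files.
    for key in ("clsid", "clsid2"):
        clsid = info.get(key, "").upper()
        if clsid in SYSTEM_FOLDER_CLSIDS:
            findings.append(
                f"{key.upper()}={clsid} redirects the folder to '{SYSTEM_FOLDER_CLSIDS[clsid]}'"
            )
    # Borrowing a system folder's display name is weaker on its own: user
    # profile folders do this legitimately, so location matters for a verdict.
    name = info.get("localizedresourcename", "")
    if _SYSTEM_NAME_RESOURCE.match(name):
        findings.append(f"LocalizedResourceName borrows a system folder display name: {name}")
    return findings


# Constructed sample modelled on the classic disguise: the folder opens as
# "My Computer" and carries its icon, so the dropped files are never shown.
SAMPLE_DISGUISE = (
    "[.ShellClassInfo]\n"
    "CLSID={20D04FE0-3AEA-1069-A2D8-08002B30309D}\n"
    "IconResource=%SystemRoot%\\system32\\SHELL32.dll,-15\n"
)

# Constructed benign sample: a custom icon only, which many installers write.
SAMPLE_BENIGN = "[.ShellClassInfo]\nIconResource=app.ico,0\n"

if __name__ == "__main__":
    for label, sample in (("disguise", SAMPLE_DISGUISE), ("benign", SAMPLE_BENIGN)):
        print(label, analyse_desktop_ini(sample) or "no indicators")
```

Two caveats a rule author should keep in mind: Explorer only honours desktop.ini on a folder that carries the System or Read-only attribute, so the sandbox event that matters is the file write paired with the attribute change on the same directory; and the `LocalizedResourceName` check fires on legitimate profile folders too, which is why the strong verdict here rests on the CLSID redirection alone.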