Sample Analysis | 绿盟科技博客

Analysis Report on the WannaCry Sample

2017-05-172017-05-22 郝秀文

The sample exploits the ETERNALBLUE SMB vulnerability or DOUBLEPULSAR backdoor for propagation and infection of the ransomware. The sample first connects to the domain name http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, to test network connectivity. If the network is reachable, the sample exits; otherwise, the sample carries out subsequent behaviors. Therefore, a reachable domain name can be registered to stop further attacks. 阅读全文 “Analysis Report on the WannaCry Sample” »

Operation Ghoul Attacks Technical Analysis and Solution

2016-09-072016-09-07 李东宏

On June 8 and June 27, 2016, Kaspersky Lab discovered a new wave of targeted attacks in multiple regions around the world. The attacker sent spear phishing emails to entice victims to execute malware in these emails for the purpose of obtaining key business data from the target network. 阅读全文 “Operation Ghoul Attacks Technical Analysis and Solution” »