Analysis requested
A very deeply hidden virus
a89238381a 2019-02-28 13:06:40 367 views

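This virus creates two hidden folders in the root directory of the C: drive. After creating them, it downloads files such as http://www.w3.org/TR/html4/loose.dtd, injects into iexplore.exe, and downloads dat files.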

Indicators of Compromise (IOC)
Anonymous user 2019-02-28 15:52:11 Reply
Is there any other related information?
Community username 2019-02-28 13:37:21 Reply
This is the HTML 4.01 Transitional DTD, which includes
presentation attributes and elements that W3C expects to phase out
as support for style sheets matures. Authors should use the Strict
DTD when possible, but may use the Transitional DTD when support
for presentation attribute and elements is required.

HTML 4 includes mechanisms for style sheets, scripting,
embedding objects, improved support for right to left and mixed
direction text, and enhancements to forms for improved
accessibility for people with disabilities.
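Community username 2019-02-28 13:37:02 Reply
Is there some mistake here? w3.org is clearly the official website of the World Wide Web Consortium, and DTD means Document type definition. I think the beginning of loose.dtd already makes that very clear.
chuichuiff 2019-02-28 15:07:16 Reply
Reply to @Community username: Maybe it performs the download after /etc/hosts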