We have found a bug.
It uses explorer.exe to collect and collate data.
And uses ONENOTE,
Tha Spooler,
Moviemaker,
sets up a Lanman server
and Lanman workstation.
Explorer.exe run for about 16 min.
To check your system
create a dump file of exporer
about 8 min into boot up.
If infected you will see
items created text files
from last session.
We have been unable to track
it back to the hacker as of yet,
but we did manage to
pass on a gifte.
It was on one of our OSINT
machines, and that is the only
thing on that network.
So we borough up an Incognito
window on Chrome, we used
Incognito so as not to mess
up history files, for future
searches.
And in this Incognito window
we ran 10 tabs, all porno.
huge volumes of data and
ran them 15 hrs a day.
For weeks.
(The PC developed some latency issues
to be sure but we found a work around.)
We used our OSINT engine to find
a porno site that has a venture fund
involved, its less likely to have
any malware.
We are not sure who this is,
but I would liked to have been
a fly on the wall when they
said "they don't seem to do any
work there just watch porno all day."
HA tee hee.
If it had been a bad guy we expected
something to show up in the forums.
It seems todays porno is more
pornoier than I remember.
And I am always amazed at how
Homo Sapiens are wired.
Just seeing other copulate
slows the higher brain functions,
and just viewing it makes them
want to engage in sex, from
the visualisation alone.
A mechanism to insure continuation
of the species.
We will be posting more on this
malware as we reverse engineer it.
There is a huge stash of Porno
that we are searching for stored
on some server, watch for smoke.
Gerald
.
No comments:
Post a Comment