Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

EvilBunny

EvilBunny is a C++ malware sample observed since 2011 that was designed to be a execution platform for Lua scripts.(Citation: Cyphort EvilBunny Dec 2014)

ID: S0396

Type: MALWARE

Platforms: Windows

Version: 1.2

Created: 28 Jun 2019

Last Modified: 02 Apr 2021

Domain	ID		Name	Use
Techniques Used
Enterprise	T1071	.001	Application Layer Protocol: Web Protocols	EvilBunny has executed C2 commands directly via HTTP.(Citation: Cyphort EvilBunny Dec 2014)
Enterprise	T1547	.001	Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder	EvilBunny has created Registry keys for persistence in `[HKLM\|HKCU]\…\CurrentVersion\Run`.(Citation: Cyphort EvilBunny Dec 2014)
Enterprise	T1059	.003	Command and Scripting Interpreter: Windows Command Shell	EvilBunny has an integrated scripting engine to download and execute Lua scripts.(Citation: Cyphort EvilBunny Dec 2014)
Enterprise	T1070	.004	Indicator Removal: File Deletion	EvilBunny has deleted the initial dropper after running through the environment checks.(Citation: Cyphort EvilBunny Dec 2014)
Enterprise	T1053	.005	Scheduled Task/Job: Scheduled Task	EvilBunny has executed commands via scheduled tasks.(Citation: Cyphort EvilBunny Dec 2014)
Enterprise	T1518	.001	Software Discovery: Security Software Discovery	EvilBunny has been observed querying installed antivirus software.(Citation: Cyphort EvilBunny Dec 2014)
Enterprise	T1497	.001	Virtualization/Sandbox Evasion: System Checks	EvilBunny's dropper has checked the number of processes and the length and strings of its own file name to identify if the malware is in a sandbox environment.(Citation: Cyphort EvilBunny Dec 2014)
		.003	Virtualization/Sandbox Evasion: Time Based Evasion	EvilBunny has used time measurements from 3 different APIs before and after performing sleep operations to check and abort if the malware is running in a sandbox.(Citation: Cyphort EvilBunny Dec 2014)

References

Marschalek, M.. (2014, December 16). EvilBunny: Malware Instrumented By Lua. Retrieved June 28, 2019.

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

EvilBunny

Techniques Used

References