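Author: 老杜, posted in 驴鸣镇, from http://www.hjclub.org
It has been a long time since I was last here. I wonder how 驴老舅 is doing? Is your esteemed health troubled by any itch? Are you eating and sleeping in peace? Can you still manage a good meal?
Today I was browsing around the web and came across the following: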
https://citizenlab.ca/2015/10/targeted-attacks-ngo-burma/
In particular, this passage:
The Google Drive link in the body connects to a file ‘Permit.zip’. This zip folder contains Permit.jpg.lnk, a shortcut that opens a command prompt to download and run ca-bundle.exe from the Chinese forum site hjclub.info (hxxp://www.hjclub.info/bbs/uploadfiles/45/ca-bundle.exe’,’%TEMP%\ca-bundle[.]exe). When executed, ca-bundle.exe drops a self-extracting archive (AwViewWx.exe) that contains the three components of PlugX, a signed legitimate executable, a malicious DLL, and a binary file containing the main payload.
I don't know what this means; I ask 老希 to look into it.
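For anyone triaging an archive like the `Permit.zip` described in the quoted Citizen Lab passage, here is an added example (not part of the original post or of the Citizen Lab report) that flags Windows shortcut files hiding behind a decoy extension such as `Permit.jpg.lnk` and reports whether the shortcut carries command-line arguments. The sample archive, the `DECOY_EXTS` list and the function names are constructed for illustration.

```python
import io
import struct
import zipfile
from pathlib import PurePosixPath

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the fixed LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
HAS_ARGUMENTS = 0x20  # LinkFlags bit set when the shortcut passes arguments
# Assumed list of extensions a lure would imitate; extend for your environment.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".pdf", ".doc", ".docx", ".txt"}


def triage_zip(zip_bytes):
    """Return one finding per archive member that is, or is named like, a shortcut."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(76)  # the fixed-size header is 76 bytes
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            named_lnk = bool(suffixes) and suffixes[-1] == ".lnk"
            is_lnk = head.startswith(LNK_MAGIC)
            if not (named_lnk or is_lnk):
                continue
            flags = struct.unpack_from("<I", head, 20)[0] if is_lnk and len(head) >= 24 else 0
            findings.append({
                "name": info.filename,
                "is_lnk": is_lnk,  # content check also catches renamed shortcuts
                "decoy_name": named_lnk and len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS,
                "has_args": bool(flags & HAS_ARGUMENTS),
            })
    return findings


def build_sample():
    """Constructed test archive: a header-only shortcut plus two benign files."""
    lnk = LNK_MAGIC + struct.pack("<I", HAS_ARGUMENTS | 0x80) + bytes(52)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Permit.jpg.lnk", lnk)
        zf.writestr("readme.txt", b"hello")
        zf.writestr("photo.jpg", b"\xff\xd8\xff\xe0")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

A member with `decoy_name` and `has_args` both true is worth quarantining before anyone opens the archive on a Windows host, since Explorer hides the `.lnk` extension and shows only the decoy name.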