Created
July 11, 2017 17:48
-
-
Save idiom/2255c3de1f58c5ddf17f58f10e89e063 to your computer and use it in GitHub Desktop.
Recent Adwind/AlienSpy/Jrat Config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "NETWORK": [{ | |
| "PORT": 2888, | |
| "DNS": "194.68.59.50" | |
| }], | |
| "INSTALL": true, | |
| "MODULE_PATH": "ww/m/Pg.D", | |
| "PLUGIN_FOLDER": "OthxlrLLffC", | |
| "JRE_FOLDER": "MmghqR", | |
| "JAR_FOLDER": "wXnIEPKkySF", | |
| "JAR_EXTENSION": "PSZLvT", | |
| "ENCRYPT_KEY": "FXVuhZhfsYPWDHDghSBaakqxm", | |
| "DELAY_INSTALL": 2, | |
| "NICKNAME": "July 10", | |
| "VMWARE": false, | |
| "PLUGIN_EXTENSION": "qSqOk", | |
| "WEBSITE_PROJECT": "https://jrat.io", | |
| "JAR_NAME": "FxTRchvRBZz", | |
| "SECURITY": [{ | |
| "REG": [{ | |
| "VALUE": "\"SaveZoneInformation\"=dword:00000001\r\n", | |
| "KEY": "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments]" | |
| }, { | |
| "VALUE": "\"LowRiskFileTypes\"=\".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;.jar;\"\r\n", | |
| "KEY": "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations]" | |
| }, { | |
| "VALUE": "\"SaveZoneInformation\"=-\r\n", | |
| "KEY": "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments]" | |
| }, { | |
| "VALUE": "\"LowRiskFileTypes\"=-\r\n", | |
| "KEY": "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations]" | |
| }], | |
| "NAME": "Open-File Security Warning" | |
| }, { | |
| "REG": [{ | |
| "VALUE": "\"SEE_MASK_NOZONECHECKS\"=\"1\"\r\n", | |
| "KEY": "[HKEY_CURRENT_USER\\Environment]" | |
| }, { | |
| "VALUE": "\"SEE_MASK_NOZONECHECKS\"=\"1\"\r\n", | |
| "KEY": "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment]" | |
| }], | |
| "NAME": "Disable Zone Checking" | |
| }, { | |
| "PROCESS": ["ProcessHacker.exe"], | |
| "NAME": "Process Hacker" | |
| }, { | |
| "PROCESS": ["procexp.exe"], | |
| "NAME": "MsConfig" | |
| }, { | |
| "PROCESS": ["MSASCui.exe", "MsMpEng.exe", "MpUXSrv.exe", "MpCmdRun.exe", "NisSrv.exe", "ConfigSecurityPolicy.exe"], | |
| "NAME": "Windows Defender" | |
| }, { | |
| "PROCESS": ["procexp.exe"], | |
| "NAME": "Process Explorer" | |
| }, { | |
| "PROCESS": ["wireshark.exe", "tshark.exe", "text2pcap.exe", "rawshark.exe", "mergecap.exe", "editcap.exe", "dumpcap.exe", "capinfos.exe"], | |
| "NAME": "Wireshark" | |
| }, { | |
| "PROCESS": ["mbam.exe", "mbamscheduler.exe", "mbamservice.exe"], | |
| "NAME": "MalwareBytes" | |
| }, { | |
| "PROCESS": ["AdAwareService.exe", "AdAwareTray.exe", "WebCompanion.exe", "AdAwareDesktop.exe"], | |
| "NAME": "Ad-Aware Antivirus" | |
| }, { | |
| "PROCESS": ["V3Main.exe", "V3Svc.exe", "V3Up.exe", "V3SP.exe", "V3Proxy.exe", "V3Medic.exe"], | |
| "NAME": "Ahnlab V3 Internet Security 8.0" | |
| }, { | |
| "PROCESS": ["BgScan.exe", "BullGuard.exe", "BullGuardBhvScanner.exe", "BullGuarScanner.exe", "LittleHook.exe", "BullGuardUpdate.exe"], | |
| "NAME": "Bull Guard Antivirus" | |
| }, { | |
| "PROCESS": ["clamscan.exe", "ClamTray.exe", "ClamWin.exe"], | |
| "NAME": "ClamWin Antivirus" | |
| }, { | |
| "PROCESS": ["cis.exe", "CisTray.exe", "cmdagent.exe", "cavwp.exe", "dragon_updater.exe"], | |
| "NAME": "COMODO Antivirus" | |
| }, { | |
| "PROCESS": ["MWAGENT.EXE", "MWASER.EXE", "CONSCTLX.EXE", "avpmapp.exe", "econceal.exe", "escanmon.exe", "escanpro.exe", "TRAYSSER.EXE", "TRAYICOS.EXE", "econser.exe", "VIEWTCP.EXE"], | |
| "NAME": "EScan Antivirus" | |
| }, { | |
| "PROCESS": ["FSHDLL64.exe", "fsgk32.exe", "fshoster32.exe", "FSMA32.EXE", "fsorsp.exe", "fssm32.exe", "FSM32.EXE", "trigger.exe"], | |
| "NAME": "F-Secure Antivirus" | |
| }, { | |
| "PROCESS": ["FProtTray.exe", "FPWin.exe", "FPAVServer.exe"], | |
| "NAME": "F-PROT Antivirus" | |
| }, { | |
| "PROCESS": ["AVK.exe", "GdBgInx64.exe", "AVKProxy.exe", "GDScan.exe", "AVKWCtlx64.exe", "AVKService.exe", "AVKTray.exe", "GDKBFltExe32.exe", "GDSC.exe"], | |
| "NAME": "G DATA Antivirus" | |
| }, { | |
| "PROCESS": ["virusutilities.exe", "guardxservice.exe", "guardxkickoff_x64.exe"], | |
| "NAME": "IKARUS Antivirus" | |
| }, { | |
| "PROCESS": ["iptray.exe", "freshclam.exe", "freshclamwrap.exe"], | |
| "NAME": "Immunet Antivirus" | |
| }, { | |
| "PROCESS": ["K7RTScan.exe", "K7FWSrvc.exe", "K7PSSrvc.exe", "K7EmlPxy.EXE", "K7TSecurity.exe", "K7AVScan.exe", "K7CrvSvc.exe", "K7SysMon.Exe", "K7TSMain.exe", "K7TSMngr.exe"], | |
| "NAME": "K7 Ultimate Antivirus" | |
| }, { | |
| "PROCESS": ["nanosvc.exe", "nanoav.exe"], | |
| "NAME": "NANO Antivirus" | |
| }, { | |
| "PROCESS": ["nnf.exe", "nvcsvc.exe", "nbrowser.exe", "nseupdatesvc.exe", "nfservice.exe", "nwscmon.exe", "njeeves2.exe", "nvcod.exe", "nvoy.exe", "zlhh.exe", "Zlh.exe", "nprosec.exe", "Zanda.exe"], | |
| "NAME": "Norman Antivirus" | |
| }, { | |
| "PROCESS": ["NS.exe"], | |
| "NAME": "Norton Internet Security" | |
| }, { | |
| "PROCESS": ["acs.exe", "op_mon.exe"], | |
| "NAME": "Outpost ASecurity Suite Pro" | |
| }, { | |
| "PROCESS": ["PSANHost.exe", "PSUAMain.exe", "PSUAService.exe", "AgentSvc.exe"], | |
| "NAME": "Panda Antivirus" | |
| }, { | |
| "PROCESS": ["BDSSVC.EXE", "EMLPROXY.EXE", "OPSSVC.EXE", "ONLINENT.EXE", "QUHLPSVC.EXE", "SAPISSVC.EXE", "SCANNER.EXE", "SCANWSCS.EXE", "scproxysrv.exe", "ScSecSvc.exe"], | |
| "NAME": "Quick Heal Antivirus" | |
| }, { | |
| "PROCESS": ["SUPERAntiSpyware.exe", "SASCore64.exe", "SSUpdate64.exe", "SUPERDelete.exe", "SASTask.exe"], | |
| "NAME": "SUPER Anti-Spyware" | |
| }, { | |
| "PROCESS": ["K7RTScan.exe", "K7FWSrvc.exe", "K7PSSrvc.exe", "K7EmlPxy.EXE", "K7TSecurity.exe", "K7AVScan.exe", "K7CrvSvc.exe", "K7SysMon.Exe", "K7TSMain.exe", "K7TSMngr.exe"], | |
| "NAME": "K7 Ultimate Antivirus" | |
| }, { | |
| "PROCESS": ["uiWinMgr.exe", "uiWatchDog.exe", "uiSeAgnt.exe", "PtWatchDog.exe", "PtSvcHost.exe", "PtSessionAgent.exe", "coreFrameworkHost.exe", "coreServiceShell.exe", "uiUpdateTray.exe"], | |
| "NAME": "Trend Micro Antivirus+" | |
| }, { | |
| "PROCESS": ["VIPREUI.exe", "SBAMSvc.exe", "SBAMTray.exe", "SBPIMSvc.exe"], | |
| "NAME": "VIPRE Security 2015" | |
| }, { | |
| "PROCESS": ["bavhm.exe", "BavSvc.exe", "BavTray.exe", "Bav.exe", "BavWebClient.exe", "BavUpdater.exe"], | |
| "NAME": "Baidu Antivirus 2015" | |
| }, { | |
| "PROCESS": ["MCShieldCCC.exe", "MCShieldRTM.exe", "MCShieldDS.exe", "MCS-Uninstall.exe"], | |
| "NAME": "MCShield Anti-Malware Tool" | |
| }, { | |
| "PROCESS": ["SDScan.exe", "SDFSSvc.exe", "SDWelcome.exe", "SDTray.exe"], | |
| "NAME": "SPYBOT AntiMalware" | |
| }, { | |
| "PROCESS": ["UnThreat.exe", "utsvc.exe"], | |
| "NAME": "UnThreat Antivirus" | |
| }, { | |
| "PROCESS": ["FortiClient.exe", "fcappdb.exe", "FCDBlog.exe", "FCHelper64.exe", "fmon.exe", "FortiESNAC.exe", "FortiProxy.exe", "FortiSSLVPNdaemon.exe", "FortiTray.exe", "FortiFW.exe", "FortiClient_Diagnostic_Tool.exe", "av_task.exe"], | |
| "NAME": "FortiClient" | |
| }, { | |
| "PROCESS": ["CertReg.exe", "FilMsg.exe", "FilUp.exe", "filwscc.exe", "filwscc.exe", "psview.exe", "quamgr.exe", "quamgr.exe", "schmgr.exe", "schmgr.exe", "twsscan.exe", "twssrv.exe", "UserReg.exe"], | |
| "NAME": "Twister Antivirus" | |
| }], | |
| "JAR_REGISTRY": "HQtVFwRMhln", | |
| "DELAY_CONNECT": 2, | |
| "SECURITY_TIMES": 1, | |
| "VBOX": false | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment