UnknownOooo

Results 1 comments of UnknownOooo

检测绕过

> ![2](https://private-user-images.githubusercontent.com/63456933/389201921-1b6bea0c-824a-4b47-959d-ad07fb62d747.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MzM0NjMzMjksIm5iZiI6MTczMzQ2MzAyOSwicGF0aCI6Ii82MzQ1NjkzMy8zODkyMDE5MjEtMWI2YmVhMGMtODI0YS00YjQ3LTk1OWQtYWQwN2ZiNjJkNzQ3LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDEyMDYlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQxMjA2VDA1MzAyOVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPThmNjk3ZTNiMTYyZDg0YzQzMjYwODYzOTUyOTFiODBkMTRjOWNhNWFlMDI0ZmU2MTk3MDhkODdmNTM5ZjBhZTEmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0In0.zJssUWBind9yc4bc938kzw00b3xPOmS2croSUxEo9vc) ![1](https://private-user-images.githubusercontent.com/63456933/389201923-24a8dacf-1ddf-4c03-91fc-f27f4a2c2853.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MzM0NjMzMjksIm5iZiI6MTczMzQ2MzAyOSwicGF0aCI6Ii82MzQ1NjkzMy8zODkyMDE5MjMtMjRhOGRhY2YtMWRkZi00YzAzLTkxZmMtZjI3ZjRhMmMyODUzLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDEyMDYlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQxMjA2VDA1MzAyOVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTRlNWE0NzExMDM3OTIwYjU5MGI1NjAzMzhhZTczODRiYWI2NDY1ZjVjMjRiNjU3NjFkYmNjODM3N2Q2OGI5OWEmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0In0.SAGk-Fw1s6jT3Xp6Aaxu1SerjesmRcLODDv7jGOfNl4) 等下个版本发布,可以拦截创建傀儡进程的过程 能再看看这个样本嘛?冰盾内置规则似乎没法检测到该样本的 镂空进程 和 修改线程上下文 的行为,解压密码依然是infected [sample.zip](https://github.com/user-attachments/files/18033139/sample.zip)