Techniques Used

- Application Layer Protocol: Web Protocols. Maze has communicated to hard-coded IP addresses via HTTP.
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder. Maze has created a file named "startup_vrun.bat" in the Startup folder of a virtual machine to establish persistence.
- Command and Scripting Interpreter: Windows Command Shell. The Maze encryption process has used batch scripts with various commands.
- Maze has used the ChaCha algorithm, based on Salsa20, and an RSA algorithm to encrypt files. Maze has disrupted systems by encrypting files on targeted machines, claiming to decrypt files if a ransom payment is made.
- Maze has forged POST strings with a random choice from a list of possibilities including "forum", "php", "view", etc.