Search found 26 matches

by Squirl
Tue Feb 26, 2013 9:06 am
Forum: Malware
Topic: Citadel (Zeus clone)
Replies: 197
Views: 392807

Re: Requests

The compromise was serving up Citadel, according to most AV blogs. I've attached the various components of the compromise (but no Troj, sadly).
by Squirl
Thu Feb 21, 2013 8:45 pm
Forum: Malware
Topic: NBC compromise payload
Replies: 2
Views: 2720

NBC compromise payload

NBC[dot]com exploit (RedKit) payload attached.

It attempts to assemble some binary code from base64-encoded streams and some actual raw hex - I've not got around to looking at this in depth, yet.

Enjoy :D
by Squirl
Thu Feb 21, 2013 8:42 pm
Forum: Malware
Topic: hxxp://iphonedevsdk.com compromise payload
Replies: 6
Views: 4202

Re: hxxp://iphonedevsdk.com compromise payload

Thanks guys. Managed to find a sample of the payload. I don't, personally, believe this is a targeted attack - I think they got lucky compromising two massive companies. The "watering hole" (I hate buzzwords, don't you?) attack was most likely a hope-for-the-best campaign. I agree with you on the Man...
by Squirl
Wed Feb 20, 2013 4:30 pm
Forum: Malware
Topic: hxxp://iphonedevsdk.com compromise payload
Replies: 6
Views: 4202

Re: hxxp://iphonedevsdk.com compromise payload

Hey N3mes1s, Thanks for the reply. I've tried a lot of commercial archivers, but cannot find what I'm looking for. It's likely (though unconfirmed) that the payload was on a page other than the Landing, which makes it a bit tougher. I doubt I'll find it, but it's just possible somebody at least has th...
by Squirl
Wed Feb 20, 2013 3:47 pm
Forum: Malware
Topic: hxxp://iphonedevsdk.com compromise payload
Replies: 6
Views: 4202

hxxp://iphonedevsdk.com compromise payload

Hi all,

Does anybody have a copy of the payload (jar file, HTML, anything) that was hosted on this site up until 01/30/2013?

I've tried multiple cache sources, but cannot find anything.

I know it's not a lot to go on, but if anybody at all could help, that would be amazing!
by Squirl
Fri Feb 01, 2013 4:53 pm
Forum: Reverse Engineering and Debugging
Topic: Shamoon and Stuxnet (Source Code)
Replies: 2
Views: 5822

Re: Shamoon and Stuxnet (Source Code)

Seems none of the source is available over SVN. Pastebin it, perhaps?