Search found 501 matches

by unixfreaxjp
Sun Jan 10, 2016 6:14 pm
Forum: Malware
Topic: Linux/Tsunami
Replies: 28
Views: 56137

Re: (The recent) | Re: Linux/Tsunami

unixfreaxjp wrote: (maybe a couple thousand nodes tops in the overall total of groups that are using it, like lizard-stresser, kaitenbbot, etc.)
If you think I am bullshitting, count the nodes in this paste https://pastebin.com/655ba54R all are gayfgt and kaiten (with and without the STD version)
by unixfreaxjp
Tue Jan 05, 2016 5:54 pm
Forum: Malware
Topic: Linux/DDOSTF
Replies: 3
Views: 8121

Re: Linux/DDOSTF

An older version was spotted on VirusTotal; thanks to Michal Malik for informing me. Sample: https://www.virustotal.com/en/file/98a0e070e4675915dcd6317b266cc8e025a271e7ff3e633bc21bb6f6933f0223/analysis/ Added a new comment for the older version and hidden CNC http://blog.malwaremustdie.org/2016/01/mmd-0048-201...
by unixfreaxjp
Tue Jan 05, 2016 8:38 am
Forum: Malware
Topic: Linux/Tsunami
Replies: 28
Views: 56137

Re: (The recent) | Re: Linux/Tsunami

I don't know who you are. But thanks for sharing your thoughts, appreciate it. Most important new thing is this telnet scanner... That's hardly a major improvement over the existing Kaiten. Oh, I agreed with you perfectly, and I didn't say majorly improved, but they added services bruter/scanner...
by unixfreaxjp
Tue Jan 05, 2016 7:01 am
Forum: Malware
Topic: Linux/DDOSTF
Replies: 3
Views: 8121

Linux/DDOSTF

Analysis: http://blog.malwaremustdie.org/2016/01/mmd-0048-2016-ddostf-new-elf-windows.html Samples: https://www.virustotal.com/en/file/40749978fd60ac0a1c8e2a753193973af4ad330091f27805e1a1010f2f44ab30/analysis/1451976226/ https://www.virustotal.com/en/file/01a4e78d04b7d27710a66a256735bbaf2b18e0fa672f...
by unixfreaxjp
Wed Dec 30, 2015 5:47 pm
Forum: Malware
Topic: Linux/SSHV: SSH bruter worm
Replies: 9
Views: 16308

Re: Linux/SSHV: SSH bruter worm

The getdents64 system call is available on 32-bit Linux, ARM, MIPS... etc... as it has nothing to do with the CPU architecture, but rather the sizes of data the syscall can deal with. To be very honest, I missed deep checks on the above getdents* man(2) details during observation, as I just read t...
by unixfreaxjp
Sat Dec 26, 2015 9:06 am
Forum: Malware
Topic: Linux/SSHV: SSH bruter worm
Replies: 9
Views: 16308

Re: Linux/SSHV: SSH bruter worm

This is not exactly a f-- APT or anything, it's effectively copypasta. It probably *is* some poor sod's college assignment for a network security class or something that went a bit awry. Thank you for your post. I think you should read the post/blog report well, instead of using some Fxxx words in our re...
by unixfreaxjp
Fri Dec 25, 2015 3:46 am
Forum: Malware
Topic: Linux/SSHV: SSH bruter worm
Replies: 9
Views: 16308

Re: Linux/SSHV: SSH bruter worm

Just some additional information, worth mentioning here too. Here's a nice Q & A I assisted with for the Linux security community folks, for Linux security hardening and mitigation purposes: https://www.reddit.com/r/linux/comments/3y2n4o/malware_must_die_mmd00472015_sshv_ssh_bruter_elf/ I can understand ...
by unixfreaxjp
Thu Dec 24, 2015 5:24 pm
Forum: Malware
Topic: Linux/SSHV: SSH bruter worm
Replies: 9
Views: 16308

Re: Linux/SSHV: SSH bruter worm

Thanks, nice analysis. Did you manage to obtain the x64 sample mentioned in one of the screenshots from the article? I thought so too (the main x64 part could be nastier stuff... like a rootkit etc.) actually. Tried to seek everywhere for it; it's just not in there. Upon surveillance of the university activ...
by unixfreaxjp
Thu Dec 24, 2015 8:27 am
Forum: Malware
Topic: Linux/SSHV: SSH bruter worm
Replies: 9
Views: 16308

Linux/SSHV: SSH bruter worm

A university kid in Shanghai, China made this malware as his "school project" and ran a wide test for it; he uploaded the sample to check its FUD... which is why a friend poked me about it. His purpose is definitely suspicious. I analyzed it here: http://blog.malwaremustdie.org/2015/12/mmd-0047-2015-ssh...